filter var for url

loveorigami · Dec 21, 2018 · 3a1e774 · 3a1e774
1 parent 2ac1eb2
commit 3a1e774
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/composer.json b/composer.json
@@ -9,7 +9,7 @@
   ],
   "type": "yii2-extension",
   "license": "MIT",
-  "version": "3.1.4",
+  "version": "3.1.5",
   "support": {
     "source": "https://github.com/loveorigami/yii2-plugins-system",
     "issues": "https://github.com/loveorigami/yii2-plugins-system/issues"

diff --git a/src/core/extralinks/ExternalLinks.php b/src/core/extralinks/ExternalLinks.php
@@ -157,4 +157,4 @@ protected static function initConfig(array $data)
         }
     }
 
-}
+}
diff --git a/src/core/extralinks/RedirectController.php b/src/core/extralinks/RedirectController.php
@@ -34,9 +34,14 @@ public function actionRedirect()
             if ($config['enabledB64Encode']) {
                 $url = base64_decode($url);
             }
+
+            if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
+                throw new BadRequestHttpException;
+            }
+
             return $this->redirect($url);
         }
 
         throw new BadRequestHttpException;
     }
-}
+}