lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-15 19:54:57 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Added URL referrer safety check.

Browse Source
This commit is contained in:
Sipke Schoorstra
2015-04-30 17:28:49 +02:00
parent c7094ab46b
commit 5a5d2f9ae8
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Orchard.Web/Modules/Orchard.DynamicForms/Controllers/FormController.cs
View File

@@ -7,6 +7,7 @@ using Orchard.Layouts.Services;
using Orchard.Localization;
using Orchard.Logging;
using Orchard.UI.Notify;
using Orchard.Utility.Extensions;
using IController = Orchard.DynamicForms.Services.IController;
namespace Orchard.DynamicForms.Controllers {
@@ -34,7 +35,7 @@ namespace Orchard.DynamicForms.Controllers {
public ActionResult Submit(int contentId, string formName) {
var layoutPart = _layoutManager.GetLayout(contentId);
var form = _formService.FindForm(layoutPart, formName);
var urlReferrer = Request.UrlReferrer != null ? Request.UrlReferrer.ToString() : "~/";
var urlReferrer = Request.UrlReferrer != null && Request.IsLocalUrl(Request.UrlReferrer.ToString()) ? Request.UrlReferrer.ToString() : "~/";
if (form == null) {
Logger.Warning("The specified form \"{0}\" could not be found.", formName);