aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-17 22:14:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix a bunch of open redirect vulns

Browse Source
This commit is contained in:
nicolas.dorier
2022-05-13 10:26:20 +09:00
parent e597b2177c
commit 4eb143c265
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
BTCPayServer/Controllers/UINotificationsController.cs
View File

@@ -217,7 +217,7 @@ namespace BTCPayServer.Controllers
return NotFound();
}
await _notificationManager.ToggleSeen(new NotificationsQuery() { Seen = false, UserId = userId }, true);
return Redirect(returnUrl);
return LocalRedirect(returnUrl);
}
private bool ValidUserClaim(out string userId)