projects / shibboleth / cpp-sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
https://issues.shibboleth.net/jira/browse/SSPCPP-352
[shibboleth/cpp-sp.git] / shibsp / handler / impl / LocalLogoutInitiator.cpp
diff --git a/shibsp/handler/impl/LocalLogoutInitiator.cpp b/shibsp/handler/impl/LocalLogoutInitiator.cpp
index aba50f9..52ed0d0 100644 (file)
--- a/shibsp/handler/impl/LocalLogoutInitiator.cpp
+++ b/shibsp/handler/impl/LocalLogoutInitiator.cpp
@@ -197,7 +197,13 @@ pair<bool,long> LocalLogoutInitiator::doRequest(
     // Route back to return location specified, or use the local template.
     const char* dest = httpRequest.getParameter("return");
     if (dest) {
-        limitRelayState(m_log, application, httpRequest, dest);
+        // Relative URLs get promoted, absolutes get validated.
+        if (*dest == '/') {
+            string d(dest);
+            httpRequest.absolutize(d);
+            return make_pair(true, httpResponse.sendRedirect(d.c_str()));
+        }
+        application.limitRedirect(httpRequest, dest);
         return make_pair(true, httpResponse.sendRedirect(dest));
     }
     return sendLogoutPage(application, httpRequest, httpResponse, "local");
Unnamed repository; edit this file 'description' to name the repository.