This repository has been archived by the owner on Jan 24, 2019. It is now read-only.

Improve redirect checks #359

Merged
merged 1 commit into from
Mar 29, 2017

@jehiah jehiah commented Mar 29, 2017

The current parsing of the "rd" and "state" query parameters allows for an open redirect if the rd value is of the form //domain.com/.

Fixes #228

@jehiah jehiah added the bug label Mar 29, 2017
@jehiah jehiah self-assigned this Mar 29, 2017
@jehiah jehiah merged commit 86d0832 into bitly:master Mar 29, 2017
@jehiah jehiah deleted the redirect_check_359 branch April 24, 2017 16:25
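The check described in this pull request, as an added example that is not code from the pull request or the project: a validator that accepts only same-site paths for a post-login redirect, next to a prefix-only check that lets `//domain.com/` through. The function names, the sample values and the fallback to `/` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveIsLocal is the weak form: anything starting with "/" counts as a local
// path, so the scheme-relative value "//domain.com/" is accepted.
func naiveIsLocal(rd string) bool {
	return strings.HasPrefix(rd, "/")
}

// isLocalRedirect (hypothetical helper) accepts only a path on the same site:
// it must start with a single "/" and must parse without a scheme or a host.
func isLocalRedirect(rd string) bool {
	if !strings.HasPrefix(rd, "/") || strings.HasPrefix(rd, "//") {
		return false
	}
	u, err := url.Parse(rd)
	if err != nil {
		return false
	}
	return u.Scheme == "" && u.Host == ""
}

// safeRedirect returns rd when it is a local path and "/" otherwise
// (the fallback target is an assumption of this example).
func safeRedirect(rd string) string {
	if isLocalRedirect(rd) {
		return rd
	}
	return "/"
}

func main() {
	// Constructed sample values for the "rd" parameter.
	samples := []string{"/dashboard?tab=1", "//domain.com/", "https://domain.com/", "dashboard", ""}
	for _, rd := range samples {
		fmt.Printf("%-22q naive=%-5v hardened=%-5v redirect=%q\n",
			rd, naiveIsLocal(rd), isLocalRedirect(rd), safeRedirect(rd))
	}
}
```

The same validation has to run on every path that yields a redirect target, which per the description above includes the value carried in "state" as well as "rd".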