From b2186aab99aa891f8a2cfaa949d015039c18c107 Mon Sep 17 00:00:00 2001
From: seboo <25958061+seboo@users.noreply.github.com>
Date: Wed, 1 Aug 2018 15:33:37 +0200
Subject: [PATCH] EXTENDCOMM-55 : Avoid open redirect when deleting a comment

---
 .../extend/modules/comment/web/CommentApp.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/java/fr/paris/lutece/plugins/extend/modules/comment/web/CommentApp.java b/src/java/fr/paris/lutece/plugins/extend/modules/comment/web/CommentApp.java
index 87b6fa0..a3f13a8 100644
--- a/src/java/fr/paris/lutece/plugins/extend/modules/comment/web/CommentApp.java
+++ b/src/java/fr/paris/lutece/plugins/extend/modules/comment/web/CommentApp.java
@@ -100,6 +100,7 @@
 import fr.paris.lutece.util.html.Paginator;
 import fr.paris.lutece.util.http.SecurityUtil;
 import fr.paris.lutece.util.url.UrlItem;
+import java.net.MalformedURLException;
 /**
@@ -874,7 +875,16 @@ private XPage doRemoveComment( HttpServletRequest request, String strIdExtendabl
 HttpServletResponse response = LocalVariables.getResponse( );
 try
 {
- response.sendRedirect( strFromUrl );
+ // Open redirect control (set baseUrl in lutece properties in case of ReverseProxy)
+ if ( strFromUrl.startsWith( AppPathService.getBaseUrl( request ) ) )
+ {
+ response.sendRedirect( strFromUrl );
+ }
+ else
+ {
+ AppLogService.error( "WARNING : Incorrect base URL", new MalformedURLException() );
+ }
+
 }
 catch (IOException e)
 {
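Review bot: The prefix test on the new `if` line is only as strong as the value `AppPathService.getBaseUrl( request )` returns — if that value ever lacks a trailing `/` (the reverse-proxy property case the added comment refers to), a base of `https://host.example` also accepts `https://host.example.attacker.net/`, so the comparison should force the base to end in `/` (or compare the parsed authority of both URLs via `java.net.URI`) before calling `startsWith`. When the check fails the new `else` branch only logs and never redirects, so the user gets whatever the code after the `try` produces, and the log line neither records the rejected URL nor needs a synthetic `MalformedURLException` for a stack trace; redirecting to the base URL and logging the rejected value (cleaned first, since it is request-controlled — the `SecurityUtil` this file already imports may have a helper for that) would be more useful. `strFromUrl` is also dereferenced without a null check on that line; whether it is guaranteed non-null depends on the start of `doRemoveComment`, which lies outside this hunk.
```java
            // Open redirect control (set baseUrl in lutece properties in case of ReverseProxy)
            String strBaseUrl = AppPathService.getBaseUrl( request );
            if ( !strBaseUrl.endsWith( "/" ) )
            {
                strBaseUrl += "/";
            }
            if ( strFromUrl != null && strFromUrl.startsWith( strBaseUrl ) )
            {
                response.sendRedirect( strFromUrl );
            }
            else
            {
                AppLogService.error( "Rejected redirect outside base URL: " + strFromUrl );
                response.sendRedirect( strBaseUrl );
            }
            // … unchanged: closing brace of try, catch (IOException e) …
```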