Don't double absolute url

Signed-off-by: Carl Schwan <[email protected]>
nextcloud · PVince81 · Jan 25, 2022 · Jan 25, 2022 · Jan 25, 2022 · Jan 27, 2022
commit b32c7e6926e2bb2ae0f1ed5bce7b4eda564e2685
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
@@ -267,7 +267,12 @@ private function canResetPassword(?string $passwordLink, ?IUser $user): bool {
 
 	private function generateRedirect(?string $redirectUrl): RedirectResponse {
 		if ($redirectUrl !== null && $this->userSession->isLoggedIn()) {
-			$location = $this->urlGenerator->getAbsoluteURL($redirectUrl);
+			$location = null;
+			if (str_starts_with($redirectUrl, 'http')) {
+				$location = $redirectUrl;
+			} else {
+				$location = $this->urlGenerator->getAbsoluteURL($redirectUrl);
+			}
 			// Deny the redirect if the URL contains a @
 			// This prevents unvalidated redirects like ?redirect_url=:[email protected]
 			if (strpos($location, '@') === false) {