登录后重定向地址不允许跳转到外部地址

2022-12-15 23:27:18 +08:00
parent 26f6781a62
commit 96d1d7c4fd
2 changed files with 30 additions and 17 deletions
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -217,6 +217,13 @@ public class LoginController extends BaseController{
 		if (StringUtils.isBlank(successUrl)){
 			successUrl = (String)request.getAttribute("__url");
 		}
+		if (StringUtils.contains(successUrl, "://")){
+			String domain = ServletUtils.getRequestDomain(successUrl);
+			successUrl = StringUtils.substring(successUrl, domain.length());
+			if (StringUtils.startsWith(successUrl, request.getContextPath())) {
+				successUrl = StringUtils.substringAfter(successUrl, request.getContextPath());
+			}
+		}
 		if (StringUtils.isBlank(successUrl)){
 			successUrl = Global.getProperty("shiro.successUrl");
 		}