Validating URL redirects

Relying on UrlHelper from System.Web.MVC to detect urls that are not local to the current application.
dpaquette · Oct 11, 2014 · f9e82c6 · f9e82c6
1 parent 55d301d
commit f9e82c6
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 8 deletions.
diff --git a/src/BugTracker.Web/BugTracker.Web.csproj b/src/BugTracker.Web/BugTracker.Web.csproj
@@ -44,6 +44,10 @@
       <HintPath>..\packages\Elasticsearch.Net.1.0.2\lib\Elasticsearch.Net.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
+    <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <Private>True</Private>
+      <HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath>
+    </Reference>
     <Reference Include="Nest">
       <HintPath>..\packages\NEST.1.0.2\lib\Nest.dll</HintPath>
     </Reference>
@@ -67,6 +71,30 @@
     <Reference Include="System.Core" />
     <Reference Include="System.Data.DataSetExtensions" />
     <Reference Include="System.Web.Extensions" />
+    <Reference Include="System.Web.Helpers, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.2\lib\net45\System.Web.Helpers.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Web.Mvc, Version=5.2.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.AspNet.Mvc.5.2.2\lib\net45\System.Web.Mvc.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Web.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.AspNet.Razor.3.2.2\lib\net45\System.Web.Razor.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Web.WebPages, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.2\lib\net45\System.Web.WebPages.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Web.WebPages.Deployment, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.2\lib\net45\System.Web.WebPages.Deployment.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.2\lib\net45\System.Web.WebPages.Razor.dll</HintPath>
+    </Reference>
     <Reference Include="System.Xml.Linq" />
     <Reference Include="System.Drawing" />
     <Reference Include="System.Web" />

diff --git a/src/BugTracker.Web/Web.config b/src/BugTracker.Web/Web.config
@@ -525,8 +525,7 @@
 		<!--
 			If you want replies to be generated automatically.
 		-->
-		<add key="AutoReplyText" value="Thanks for you email.
-Don't call us, we'll call you."/>
+		<add key="AutoReplyText" value="Thanks for you email.&#xD;&#xA;Don't call us, we'll call you."/>
 		<add key="AutoReplyUseHtmlEmailFormat" value="0"/> 
 
 		<!--
@@ -986,4 +985,42 @@ Don't call us, we'll call you."/>
 
 
 	</appSettings>
+	<runtime>
+
+	<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+
+
+	<dependentAssembly>
+
+
+
+	<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35"/>
+
+
+
+	<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0"/>
+
+
+	</dependentAssembly>
+
+
+	<dependentAssembly>
+
+
+
+	<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35"/>
+
+
+
+	<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0"/>
+
+
+	</dependentAssembly>
+	<dependentAssembly>
+	<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35"/>
+	<bindingRedirect oldVersion="1.0.0.0-5.2.2.0" newVersion="5.2.2.0"/>
+	</dependentAssembly>
+
+	</assemblyBinding>
+	</runtime>
 </configuration>
diff --git a/src/BugTracker.Web/btnet/util.cs b/src/BugTracker.Web/btnet/util.cs
@@ -4,12 +4,15 @@ Distributed under the terms of the GNU General Public License
 */
 
 using System;
+using System.Security.Policy;
 using System.Web;
 using System.Data;
 using System.Collections.Specialized;
 using System.IO;
 using System.Text.RegularExpressions;
 using System.Collections.Generic;
+using System.Web.Mvc;
+using System.Web.Routing;
 using NLog;
 
 namespace btnet
@@ -1079,12 +1082,12 @@ public static string request_to_string_for_sql(string val, string datatype)
         ///////////////////////////////////////////////////////////////////////
         public static void redirect(HttpRequest Request, HttpResponse Response)
         {
-
             // redirect to the page the user was going to or start off with bugs.aspx
             string url = Request.QueryString["url"];
             string qs = Request.QueryString["qs"];
 
-            if (String.IsNullOrEmpty(url))
+            UrlHelper urlHelper = new UrlHelper(Request.RequestContext);
+            if (String.IsNullOrEmpty(url) || !urlHelper.IsLocalUrl(url))
             {
                 string mobile = Request["mobile"];
                 if (String.IsNullOrEmpty(mobile))
@@ -1095,10 +1098,6 @@ public static void redirect(HttpRequest Request, HttpResponse Response)
                     Response.Redirect("mbugs.aspx");
                 }
             }
-            else if (url == Request.ServerVariables["URL"])  // I can't remember what this code means...
-            {
-                Response.Redirect("bugs.aspx");
-            }
             else
             {
                 Response.Redirect(remove_line_breaks(url) + "?" + remove_line_breaks(HttpUtility.UrlDecode(qs)));

diff --git a/src/BugTracker.Web/packages.config b/src/BugTracker.Web/packages.config
@@ -3,6 +3,10 @@
   <package id="ckeditor-standard" version="4.4.4" targetFramework="net45" />
   <package id="Elasticsearch.Net" version="1.0.2" targetFramework="net45" />
   <package id="jQuery" version="1.11.1" targetFramework="net45" />
+  <package id="Microsoft.AspNet.Mvc" version="5.2.2" targetFramework="net45" />
+  <package id="Microsoft.AspNet.Razor" version="3.2.2" targetFramework="net45" />
+  <package id="Microsoft.AspNet.WebPages" version="3.2.2" targetFramework="net45" />
+  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
   <package id="NEST" version="1.0.2" targetFramework="net45" />
   <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net45" />
   <package id="NLog" version="3.1.0.0" targetFramework="net45" />