Return URL to disallow external links

rxtur · rxtur · commit e0301d4ef809 · 2021-10-24T22:07:21.000-05:00
diff --git a/src/Blogifier.Admin/Pages/Account/Login.razor.cs b/src/Blogifier.Admin/Pages/Account/Login.razor.cs
@@ -19,6 +19,9 @@ public async Task LoginUser()
             if (QueryHelpers.ParseQuery(uri.Query).TryGetValue("returnUrl", out var param))
                 returnUrl = param.First();
 
+			if(returnUrl.StartsWith("http"))
+				returnUrl = "admin/";
+
             var result = await Http.PostAsJsonAsync<LoginModel>("api/author/login", model);
 
 			if (result.IsSuccessStatusCode)
diff --git a/src/Blogifier/Controllers/HomeController.cs b/src/Blogifier/Controllers/HomeController.cs
@@ -63,7 +63,7 @@ public async Task<IActionResult> Index(string slug)
         [HttpGet("/admin")]
         public async Task<IActionResult> Admin()
         {
-            return File("~/index.html", "text/html");
+            return await Task.FromResult(File("~/index.html", "text/html"));
         }
 
         [HttpPost]

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ public async Task<IActionResult> Index(string slug)`
`63`	`63`	`[HttpGet("/admin")]`
`64`	`64`	`public async Task<IActionResult> Admin()`
`65`	`65`	`{`
`66`		`- return File("~/index.html", "text/html");`
	`66`	`+ return await Task.FromResult(File("~/index.html", "text/html"));`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`[HttpPost]`