Suggestions for open redirect issues in Fortify?

I'm using the header() method to redirect a page to another page. The redirect variable is sanitized with the htmlspecialchars() method and the full URL is checked with the filter_var() method, but the bug is still showing.

Code:

// Encode the target for an HTML context, then check that it is a
// syntactically valid URL before redirecting
$encoded_url = htmlspecialchars($loginUrl, ENT_QUOTES, 'UTF-8');
if (filter_var($encoded_url, FILTER_VALIDATE_URL)) {
    header("Location: " . $encoded_url);
    exit(); // stop the script once the redirect header has been sent
}

Any possibilities to overcome this?

Thanks in advance.

  • 0  

    Can you please attach a reproducible sample? I tried the following but didn't get any issues:

    <?php
    
    // Define a sample login URL
    $loginUrl = 'https://example.com/login.php?user=admin&token=123456';
    
    // Sanitize the URL
    $encoded_url = htmlspecialchars($loginUrl, ENT_QUOTES, 'UTF-8');
    
    // Validate the sanitized URL
    if (filter_var($encoded_url, FILTER_VALIDATE_URL)) {
        // Redirect to the validated and sanitized URL
        header("Location: " . $encoded_url);
        exit(); // Exit after the redirection to avoid further script execution
    } else {
        // Display an error message if the URL is not valid
        echo "Invalid URL!";
    }
    ?>

  • 0 in reply to   

    Thanks.

    This is my current code:

    // Scheme of the current request, then the full URL that was requested
    $currentUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
    // Encode it so it travels as a single query-string value
    $encodedUrl = base64_encode($currentUrl);
    // Base URL built from the same request values
    $baseUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]";
    // Send the user to the login page, carrying the encoded return address
    $loginUrl = $baseUrl . "/auth/login?redirect=" . urlencode($encodedUrl);
    header("Location: $loginUrl");
    exit();

    Fortify is showing a critical open redirect bug on the line header("Location: $loginUrl");

    I applied the above validation to this, but Fortify is still flagging it as a bug.

    Can you please give some suggestions?
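The code in the reply derives both the base URL and the return address from $_SERVER['HTTP_HOST'], a client-supplied request header, and neither htmlspecialchars() nor FILTER_VALIDATE_URL says anything about which host a syntactically valid URL points to, so a taint-tracking analyser still reports the header() call. The PHP below is an added example (not the poster's code or a Fortify-supplied fix): it builds the login URL from a configured origin and honours the decoded redirect parameter only after rebuilding it on that origin; APP_ORIGIN is an assumed application setting and app.example.com a placeholder.

```php
<?php
// Added example, not the poster's code. APP_ORIGIN is an assumed application
// setting; the point is that the redirect origin never comes from the request.
const APP_ORIGIN = 'https://app.example.com';

// Build the login URL from the configured origin rather than from
// $_SERVER['HTTP_HOST'], which the client controls via the Host header.
function loginUrlFor(string $requestUri): string
{
    $returnTo = base64_encode(APP_ORIGIN . $requestUri);
    return APP_ORIGIN . '/auth/login?redirect=' . urlencode($returnTo);
}

// Turn the "redirect" parameter back into a URL on our own origin, or return
// $fallback when it is missing, not valid base64, or points anywhere else.
function safeReturnUrl(?string $encoded, string $fallback = '/'): string
{
    $decoded = $encoded === null ? false : base64_decode($encoded, true);
    $parts = is_string($decoded) ? parse_url($decoded) : false;
    if ($parts === false) {
        return $fallback;
    }
    // An absolute URL is accepted only if its scheme and host match ours;
    // this also rejects "//evil.example" and "https://app.example.com@evil".
    if (isset($parts['host'])) {
        $origin = strtolower(($parts['scheme'] ?? '') . '://' . $parts['host']);
        if ($origin !== strtolower(APP_ORIGIN) || isset($parts['user']) || isset($parts['port'])) {
            return $fallback;
        }
    }
    // Only a single-slash absolute path is allowed: browsers treat "//x"
    // and "/\x" as protocol-relative, i.e. as a different host.
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0 || strpos($path, '/\\') === 0) {
        return $fallback;
    }
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    // Rebuild from the configured origin: nothing request-controlled picks the host.
    return APP_ORIGIN . $path . $query;
}

// Login handler: the Location value is always on APP_ORIGIN.
header('Location: ' . safeReturnUrl($_GET['redirect'] ?? null));
exit;
```

Calling loginUrlFor($_SERVER['REQUEST_URI']) in place of the $baseUrl construction keeps the return address, but the host in the final Location header is the configured constant, not a request value.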
