From d1a6b3ffc1f7c55ab89fa25906040557f75feea1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Str=C3=B8m?=
Date: Sun, 8 Jun 2014 22:43:16 +0200
Subject: [PATCH] Fix login/logout redirect vulnerability
---
 src/ZfcUser/Controller/UserController.php | 4 ++--
 tests/ZfcUserTest/Controller/UserControllerTest.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/ZfcUser/Controller/UserController.php b/src/ZfcUser/Controller/UserController.php
index 228222a7..6229d24b 100644
--- a/src/ZfcUser/Controller/UserController.php
+++ b/src/ZfcUser/Controller/UserController.php
@@ -118,7 +118,7 @@ public function logoutAction()
 $redirect = $this->params()->fromPost('redirect', $this->params()->fromQuery('redirect', false));
 if ($this->getOptions()->getUseRedirectParameterIfPresent() && $redirect) {
- return $this->redirect()->toUrl($redirect);
+ return $this->redirect()->toRoute($redirect);
 }
 return $this->redirect()->toRoute($this->getOptions()->getLogoutRedirectRoute());
@@ -155,7 +155,7 @@ public function authenticateAction()
 }
 if ($this->getOptions()->getUseRedirectParameterIfPresent() && $redirect) {
- return $this->redirect()->toUrl($redirect);
+ return $this->redirect()->toRoute($redirect);
 }
 return $this->redirect()->toRoute($this->getOptions()->getLoginRedirectRoute());
diff --git a/tests/ZfcUserTest/Controller/UserControllerTest.php b/tests/ZfcUserTest/Controller/UserControllerTest.php
index 15b575f6..95aab0a3 100644
--- a/tests/ZfcUserTest/Controller/UserControllerTest.php
+++ b/tests/ZfcUserTest/Controller/UserControllerTest.php
@@ -391,7 +391,7 @@ public function testLogoutAction($withRedirect, $post, $query)
 ->method('getUseRedirectParameterIfPresent')
 ->will($this->returnValue((bool) $withRedirect));
 $redirect->expects($this->any())
- ->method('toUrl')
+ ->method('toRoute')
 ->with($expectedLocation)
 ->will($this->returnValue($response));
 } else {
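Review bot: On the added `+ return $this->redirect()->toRoute($redirect);` line the raw `redirect` value read by `fromPost`/`fromQuery` on the first context line is handed to the router as a route name with no validation, and a name the route stack does not know (or cannot assemble without parameters) makes the ZF2 router throw, so an attacker-supplied or stale value now turns logout into an error page instead of an open redirect. Guard the value before using it, e.g. `if ($this->getOptions()->getUseRedirectParameterIfPresent() && $redirect && $this->getEvent()->getRouter()->hasRoute($redirect)) {`, if the route stack in use exposes `hasRoute()`, so that unknown names fall through to `getLogoutRedirectRoute()` on the last line. This is also a behaviour change for integrators who passed URLs in `redirect`; it deserves a changelog line, and the residual exposure is limited to application-defined route names, which is the intended outcome. logoutAction continues outside the hunk.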
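Review bot: The new `toRoute($redirect)` call comes after the closing `}` on the hunk's first context line, which presumably ends the authentication block, so if the client-supplied route name is unknown the router throws only after the identity has already been established and the user is left logged in but looking at an error page; the assignment of `$redirect` and the authentication logic itself are outside this hunk. I would catch the router exception and fall back to the configured login redirect route rather than let it propagate, as below; with the ZF2 router both the unknown-route and missing-parameter failures implement `Zend\Mvc\Router\Exception\ExceptionInterface`, if I recall the hierarchy correctly, so catching that interface covers both.
```php
if ($this->getOptions()->getUseRedirectParameterIfPresent() && $redirect) {
    try {
        return $this->redirect()->toRoute($redirect);
    } catch (\Zend\Mvc\Router\Exception\ExceptionInterface $e) {
        // Client supplied an unknown or unassemblable route name; ignore it
        // and use the configured default below.
    }
}
return $this->redirect()->toRoute($this->getOptions()->getLoginRedirectRoute());
```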
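Review bot: Renaming the mocked method on the `- ->method('toUrl')` / `+ ->method('toRoute')` lines keeps the existing cases green, but nothing in the test asserts the property the commit is about, namely that a URL in `redirect` can no longer reach `toUrl`. Add an explicit negative expectation beside the existing one, `$redirect->expects($this->never())->method('toUrl');`, and a data-provider case where `$post` or `$query` is an absolute URL such as `http://evil.example/`, so a future regression back to `toUrl` fails the suite. The data provider feeding `$withRedirect`, `$post` and `$query` is outside this hunk.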
@@ -510,7 +510,7 @@ public function testAuthenticateAction($wantRedirect, $post, $query, $prepareRes
 } elseif ($wantRedirect && $hasRedirect) {
 $redirect->expects($this->once())
- ->method('toUrl')
+ ->method('toRoute')
 ->with(($post ?: $query ?: false))
 ->will($this->returnValue($response));
 } else {
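Review bot: The unchanged expectation `->with(($post ?: $query ?: false))` pins whatever the provider supplies as the argument of the renamed `toRoute` call, so if the provider (outside this hunk) still uses URL-shaped strings the test now documents a contract the controller no longer has; those values should become route names. Because the redirect plugin is a mock, this test also cannot show that a non-existent route name makes the real router throw after a successful login; covering that needs a case against a router stub, which is worth a `// TODO` next to this expectation if it is not added now.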