HOR-3396 Authenticated Open Redirect

- Cleaning protocols in url redirect.

workflow/engine/methods/login/login.php

@@ -33,10 +33,22 @@ if ($browserSupported==false){
 /*----------------------------------********---------------------------------*/
 $aFields = array();
 
-if (!isset($_GET['u'])) {
+//Validated redirect url
-    $aFields['URL'] = '';
+$aFields['URL'] = '';
-} else {
+if (!empty($_GET['u'])) {
-    $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
+    //clean url with protocols
+    $flagUrl = true;
+    $protocols = ['https://', 'http://', 'ftp://', 'www.'];
+    foreach ($protocols as $protocol) {
+        if (strpos($_GET['u'], $protocol) !== false) {
+            $_GET['u'] = '';
+            $flagUrl = false;
+            break;
+        }
+    }
+    if ($flagUrl) {
+        $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
+    }
 }
 
 if (!isset($_SESSION['G_MESSAGE'])) {