session_controller.rb
code Critical
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/session_controller.rb:188

redirect_to(SiteSetting.discourse_connect_not_approved_url)

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/session_controller.rb or mark it as false positive.

users_controller.rb
code Critical
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/users_controller.rb:936

redirect_to(cookies.delete(:destination_url))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/users_controller.rb or mark it as false positive.

application_controller.rb
code Critical
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/application_controller.rb:546

redirect_to(Permalink.find_by_url(path).target_url, :status => :moved_permanently)

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/application_controller.rb or mark it as false positive.

static_controller.rb
code Critical
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/static_controller.rb:32

redirect_to(SiteSetting.get(map[params[:id]][:redirect]))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/static_controller.rb or mark it as false positive.

permalinks_controller.rb
code Critical
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/permalinks_controller.rb:14

redirect_to(Permalink.find_by_url(request.fullpath).target_url, :status => :moved_permanently)

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/permalinks_controller.rb or mark it as false positive.

tags_controller.rb
code Critical
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/tags_controller.rb:374

redirect_to("#{Discourse.base_path}/tags#{Permalink.find_by_url("c/#{params[:category_slug_path_with_id]}").target_url}/#{params[:tag_id]}", :status => :moved_permanently)

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/tags_controller.rb or mark it as false positive.

users_controller.rb
code Moderate
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: Weak

Problem

Possible unprotected redirect

Location

app/controllers/users_controller.rb:983

redirect_to(((session_sso_provider_url + "?") + cookies.delete(:sso_payload)))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/users_controller.rb or mark it as false positive.

svg_sprite_controller.rb
code Moderate
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: Weak

Problem

Possible unprotected redirect

Location

app/controllers/svg_sprite_controller.rb:18

redirect_to(path(SvgSprite.path(params[:theme_ids].split(",").map(&:to_i))))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/svg_sprite_controller.rb or mark it as false positive.

users_controller.rb
code Moderate
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: Weak

Problem

Possible unprotected redirect

Location

app/controllers/users_controller.rb:934

redirect_to(((session_sso_provider_url + "?") + cookies.delete(:sso_payload)))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/users_controller.rb or mark it as false positive.

posts_controller.rb
code Moderate
Redirect
Discovered 6 months ago
Source: static code analysis
Category: Redirect
Confidence level: Weak

Problem

Possible unprotected redirect

Location

app/controllers/posts_controller.rb:162

redirect_to(path(Post.find(params[:post_id].to_i).url))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/posts_controller.rb or mark it as false positive.