permalinks_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/permalinks_controller.rb:14

redirect_to(Permalink.find_by_url(request.fullpath).target_url, :status => :moved_permanently)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: the target is `Permalink#target_url`, a stored column; `request.fullpath` only selects the row and supplies no part of the URL. Mark as false positive if permalinks are admin-managed and `target_url` is kept site-relative (a stored value of `//host/...` would still leave the site). Separately, `find_by_url` returning nil raises `NoMethodError` on `.target_url` here; return a 404 for an unmatched path instead.

posts_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/posts_controller.rb:131

redirect_to(Post.find(params[:post_id].to_i).url)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: `Post#url` comes from the record selected by `params[:post_id].to_i`; the request supplies an integer id, not a URL, and `Post.find` raises `ActiveRecord::RecordNotFound` (a 404) for an unknown id. Mark as false positive unless `Post#url` can hold a stored absolute URL.

list_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/list_controller.rb:359

redirect_to(Permalink.find_by_url(request.fullpath).external_url, :status => :moved_permanently)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: unlike `target_url`, `external_url` names an off-site destination stored on the permalink row, so this redirect does leave the site; the scanner is right about the effect, and the question is who can write that column. Acceptable as an intentional external redirect if permalinks are admin-only. A nil result from `find_by_url` raises `NoMethodError` on `.external_url` here; return a 404 instead.

static_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/static_controller.rb:25

redirect_to(SiteSetting.send({ "faq" => ({ :redirect => "faq_url", :topic_id => "guidelines_topic_id" }), "tos" => ({ :redirect => "tos_url", :topic_id => "tos_topic_id" }), "privacy" => ({ :redirect => "privacy_policy_url", :topic_id => "privacy_topic_id" }) }[params[:id]][:redirect]))

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: `params[:id]` can only select one of three literal keys (`faq`, `tos`, `privacy`), and the redirect target is the named `SiteSetting`, an admin value; the request never supplies a host. Likely false positive. Two caveats: any other `id` makes the hash lookup nil, and `nil[:redirect]` raises `NoMethodError` where a 404 is wanted; and `SiteSetting.send` is safe only because the method name comes from that literal hash, so never let it take a request value directly.

session_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/session_controller.rb:32

redirect_to(DiscourseSingleSignOn.generate_sso(((params[:return_path] or path("/")) or "#{URI.parse((destination_url or session[:destination_url])).path}#{if URI.parse((destination_url or session[:destination_url])).query then
  ("?" << URI.parse((destination_url or session[:destination_url])).query)
else
  ""
end}")).to_url)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: `params[:return_path]` is attacker-supplied, but at this line it only becomes a field of the outgoing SSO payload; the redirect itself goes to `generate_sso(...).to_url`, the SSO provider endpoint, not a host taken from the request. The value matters when the provider sends it back and it becomes the post-login redirect (the finding at session_controller.rb:135), so validate it as a site-relative path either here, before it is signed, or there. As the scanner renders the expression, `(params[:return_path] or path("/")) or "..."` never reaches the third alternative, since `path("/")` is always truthy.

permalinks_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/permalinks_controller.rb:12

redirect_to(Permalink.find_by_url(request.fullpath).external_url, :status => :moved_permanently)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: as with list_controller.rb:359, `external_url` is an off-site destination stored on the permalink row, so the redirect leaves the site by design; the request only selects the row via `request.fullpath`. Acceptable if permalinks are admin-only. `find_by_url` returning nil raises `NoMethodError` on `.external_url`; return a 404 instead.

session_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/session_controller.rb:135

redirect_to((DiscourseSingleSignOn.parse(request.query_string).return_path or path("/")))

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: this is the finding to act on. `return_path` is read from the SSO payload parsed out of `request.query_string`; even if `parse` verifies the provider's signature, the value originated with whoever started the login (session_controller.rb:32), so a `return_path` of `https://attacker.example/` or `//attacker.example/` turns the post-login redirect into an open redirect. Accept only a site-relative path (a single leading `/`, no scheme, host, userinfo or backslash) and fall back to `path("/")` otherwise.
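The check that both session_controller.rb findings (:32 and :135) call for, as an added example that is not Discourse's code: a `return_path` sanitiser that accepts only site-relative paths, plus a toy SSO payload verifier modelled on the Discourse SSO format as publicly documented (a base64-encoded query string in `sso`, a hex HMAC-SHA256 of it in `sig`). `SafeReturnPath`, `SsoPayload`, `redirect_target_after_sso`, the `return_path` field name and the shared secret are assumptions of this example, not Discourse's `DiscourseSingleSignOn`.

```ruby
require "uri"
require "base64"
require "openssl"

# Added example, not Discourse's code. Validates a user-supplied return_path
# so that a post-login redirect_to can never leave the site.
module SafeReturnPath
  module_function

  # Returns the path unchanged when it is site-relative, nil otherwise.
  # The caller substitutes its own default (for example path("/")) for nil.
  def sanitize(path)
    return nil unless path.is_a?(String) && !path.empty?
    return nil if path.match?(/[\x00-\x1f\x7f\\]/) # control chars; backslash is a host separator in some browsers
    return nil unless path.start_with?("/")        # rejects "https://...", "javascript:...", "evil.example/x"
    return nil if path.start_with?("//")           # rejects protocol-relative "//evil.example/x"
    uri = URI.parse(path)
    return nil if uri.scheme || uri.host || uri.userinfo
    path
  rescue URI::InvalidURIError, ArgumentError
    nil
  end
end

# Toy stand-in for DiscourseSingleSignOn, modelled on the documented Discourse SSO
# format (assumption): sso = Base64(url-encoded fields), sig = hex HMAC-SHA256(secret, sso).
class SsoPayload
  attr_reader :fields

  def initialize(fields)
    @fields = fields
  end

  # Builds the signed query string a provider would send back to the site.
  def self.sign(fields, secret)
    sso = Base64.strict_encode64(URI.encode_www_form(fields))
    URI.encode_www_form("sso" => sso, "sig" => OpenSSL::HMAC.hexdigest("SHA256", secret, sso))
  end

  # Verifies the signature before trusting any field; nil means "reject the request".
  def self.parse(query_string, secret)
    params = URI.decode_www_form(query_string).to_h
    sso, sig = params["sso"], params["sig"]
    return nil unless sso.is_a?(String) && sig.is_a?(String)
    expected = OpenSSL::HMAC.hexdigest("SHA256", secret, sso)
    return nil unless secure_equal?(sig, expected)
    new(URI.decode_www_form(Base64.strict_decode64(sso)).to_h)
  rescue ArgumentError # malformed base64 or form encoding
    nil
  end

  # Constant-time comparison; does not stop at the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def return_path
    fields["return_path"]
  end
end

# What the sso_login action should redirect to: nil when the signature fails
# (answer with a 4xx), the validated return_path, or "/" when it is missing or unsafe.
def redirect_target_after_sso(query_string, secret)
  payload = SsoPayload.parse(query_string, secret)
  return nil if payload.nil?
  SafeReturnPath.sanitize(payload.return_path) || "/"
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-shared-secret"
  # Constructed sample: login was started with return_path=//evil.example/ and
  # the provider signed it back unchanged; the sanitiser drops it.
  attacker = SsoPayload.sign({ "nonce" => "n1", "return_path" => "//evil.example/" }, secret)
  puts redirect_target_after_sso(attacker, secret) # "/"
  honest = SsoPayload.sign({ "nonce" => "n2", "return_path" => "/t/welcome/1" }, secret)
  puts redirect_target_after_sso(honest, secret)   # "/t/welcome/1"
end
```

The signature check only proves the provider relayed the payload intact; it says nothing about whether `return_path` is safe, which is why the sanitiser runs after `parse`, on the verified value. Running the same sanitiser on `params[:return_path]` at session_controller.rb:32 keeps an unsafe value out of the signed payload in the first place.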

list_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/list_controller.rb:270

redirect_to(Category.find_by_id(params[:id].to_i).url, :status => 301)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: `Category#url` comes from the record selected by `params[:id].to_i`; the request supplies an integer id only. Likely false positive. Note that `find_by_id` returns nil for an unknown id, and `.url` on nil raises `NoMethodError` instead of producing a 404.

clicks_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/clicks_controller.rb:20

redirect_to(TopicLinkClick.create_from(track_params.merge(:ip => request.remote_ip)))

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: sending the browser to the URL of a link a user posted is the purpose of click tracking, so the off-site redirect is by design; the control is that `create_from` must return only a URL already recorded as a link of the referenced post, never the raw `params[:url]`, and should refuse non-http(s) schemes. When no link matches and `create_from` returns nil, `redirect_to(nil)` raises `ActionController::ActionControllerError` ("Cannot redirect to nil!"); respond with a 404 instead.

session_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/session_controller.rb:106

redirect_to(SiteSetting.sso_not_approved_url)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: `SiteSetting.sso_not_approved_url` is an admin-configured value with nothing from the request in it. False positive: an intentional, operator-chosen redirect, external or not.

tags_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/tags_controller.rb:314

redirect_to("#{Discourse.base_uri}/tags#{Permalink.find_by_url(("c/#{params[:parent_category]}/#{params[:category]}" or "c/#{params[:category]}")).target_url}/#{params[:tag_id]}", :status => :moved_permanently)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: the target starts with `Discourse.base_uri` followed by the literal `/tags`, so whatever `target_url` holds, the result is a site path; not an open redirect. Two things to fix anyway: `find_by_url` returning nil raises `NoMethodError` on `.target_url`, and, as the scanner renders it, `("c/#{params[:parent_category]}/#{params[:category]}" or "c/#{params[:category]}")` never falls through to the second string, because an interpolated string is truthy even when `params[:parent_category]` is nil, so the lookup key becomes `c//name`.

list_controller.rb
Severity: Critical
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/list_controller.rb:361

redirect_to("#{Discourse.base_uri}#{Permalink.find_by_url(request.fullpath).target_url}", :status => :moved_permanently)

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: here the prefix is only `Discourse.base_uri`, which can be empty (no subfolder install), so the outcome depends entirely on `target_url`: a stored `//host/path` would yield a protocol-relative URL and leave the site. Constrain `target_url` to a single leading `/` on write (compare tags_controller.rb:314, where the literal `/tags` segment makes that impossible), and handle nil from `find_by_url` with a 404.

invites_controller.rb
Severity: Moderate
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: Weak

Problem

Possible unprotected redirect

Location

app/controllers/invites_controller.rb:26

redirect_to(path("#{Invite.find_by(:invite_key => params[:id]).topics.first.relative_url}"))

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: `path(...)` prefixes a `relative_url` taken from the first topic of the invite; the request contributes only the invite key used to look up the row. Low risk, matching the scanner's weak confidence. `Invite.find_by` returns nil for an unknown key, and `.topics` on nil (or `.relative_url` on `topics.first` when the invite has no topic) raises `NoMethodError`; handle both with a 404 or a redirect to `path("/")`.

invites_controller.rb
Severity: Moderate
Redirect
Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: Weak

Problem

Possible unprotected redirect

Location

app/controllers/invites_controller.rb:111

redirect_to(path("#{Invite.find_by(:invite_key => params[:token]).topics.first.relative_url}"))

Category description: redirect_to called with a value derived from the request can let the attacker control the target's :host (or supply a whole URL) and send the victim to a third-party site: an open redirect, typically used to make a phishing link look as if it points at the trusted domain.

Solution: same shape as invites_controller.rb:26, with the key arriving as `params[:token]`: `path(...)` keeps the redirect on-site and the request only selects the invite row. Low risk. A nil from `Invite.find_by`, or an invite with no topics, raises `NoMethodError` here; handle both with a 404 or a redirect to `path("/")`.