synapse/changelog.d/18909.bugfix
Eric Eastwood 6f9fab1089
Fix open redirect in legacy SSO flow (idp) (#18909)
- Validate the `idp` parameter to only accept the ones that are known in
the config file
- URL-encode the `idp` parameter for safety's sake (this is the main
fix)

Fix https://github.com/matrix-org/internal-config/issues/1651 (internal
link)

Regressed in https://github.com/element-hq/synapse/pull/17972
2025-09-17 13:54:47 -05:00

Fix open redirect in legacy SSO flow with the `idp` query parameter.
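
The two mitigations listed in the commit message (accept only configured `idp` values, then URL-encode the value), sketched as an added example that is not Synapse's own code. The route prefix, provider ids and function names are hypothetical, and the sample inputs are constructed.

```python
from urllib.parse import quote, urlencode, urlsplit

# Hypothetical values for illustration; not Synapse's real config or routes.
KNOWN_IDPS = frozenset({"oidc-github", "saml"})
REDIRECT_BASE = "/_example/login/sso/redirect"


class UnknownIdpError(ValueError):
    """Raised when the requested identity provider is not configured."""


def build_redirect_unsafe(idp: str, client_redirect_url: str) -> str:
    # "Before" shape: the caller-supplied value is spliced into the path as-is,
    # so "/", "?" and "#" in it change the structure of the resulting URL.
    query = urlencode({"redirectUrl": client_redirect_url})
    return f"{REDIRECT_BASE}/{idp}?{query}"


def build_redirect_safe(idp: str, client_redirect_url: str,
                        known_idps=KNOWN_IDPS) -> str:
    # 1. Only accept provider ids that appear in the configured set.
    if idp not in known_idps:
        raise UnknownIdpError("unknown identity provider")
    # 2. Percent-encode the id as one path segment; safe="" also encodes "/".
    #    Kept even after the allowlist check, so an unusual configured id
    #    still cannot alter the URL structure.
    segment = quote(idp, safe="")
    query = urlencode({"redirectUrl": client_redirect_url})
    return f"{REDIRECT_BASE}/{segment}?{query}"


def url_parts(url: str):
    """Return (path, query, fragment) as a URL parser would split them."""
    parts = urlsplit(url)
    return parts.path, parts.query, parts.fragment


if __name__ == "__main__":
    odd = "a/b?c=d#e"  # constructed value containing URL structural characters
    print(url_parts(build_redirect_unsafe(odd, "https://client.example/cb")))
    print(url_parts(build_redirect_safe(odd, "https://client.example/cb", {odd})))
```
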