Validate referer before redirecting

admin/src/AdminTrait.php

@@ -84,7 +84,7 @@ trait AdminTrait
      */
     protected function redirectToReferer($code = 302, $default = '/')
     {
-        if (!is_null(HTTPRequest::referer()) && HTTPRequest::referer() !== Uri::current()) {
+        if (HTTPRequest::validateReferer($this->uri('/')) && HTTPRequest::referer() !== Uri::current()) {
             Header::redirect(HTTPRequest::referer(), $code);
         } else {
             Header::redirect($this->uri($default), $code);

formwork/Utils/HTTPRequest.php

@@ -108,6 +108,19 @@ class HTTPRequest
         return static::hasHeader('Referer') ? static::$headers['Referer'] : null;
     }
 
+    /**
+     * Check if the request referer has the same origin
+     *
+     * @param string $path Optional URI path
+     *
+     * @return bool
+     */
+    public static function validateReferer($path = null)
+    {
+        $base = Uri::normalize(Uri::base() . '/' . ltrim($path, '/'));
+        return substr(static::referer(), 0, strlen($base)) === $base;
+    }
+
     /**
      * Get request origin
      *