From 2eae104c7a4bf32bc26cb8073d5c40464bfda3f7 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Wed, 18 Mar 2020 17:32:46 -0600
Subject: [PATCH] Fix for user reported CVE path-based open redirect
---
 CHANGELOG.md | 1 +
 system/src/Grav/Common/Grav.php | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e01d94c83..75d912451 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 * Moved `Parsedown` 1.6 and `ParsedownExtra` 0.7 into `Grav\Framework\Parsedown` to allow fixes
 1. [](#bugfix)
 * Fixed PHP 7.4 issue in ParsedownExtra [#2832](https://github.com/getgrav/grav/issues/2832)
+ * Fix for [user reported](https://twitter.com/OriginalSicksec) CVE path-based open redirect
 # v1.6.22
 ## 03/05/2020
diff --git a/system/src/Grav/Common/Grav.php b/system/src/Grav/Common/Grav.php
index 2f9b37329..c7287dbd6 100644
--- a/system/src/Grav/Common/Grav.php
+++ b/system/src/Grav/Common/Grav.php
@@ -316,7 +316,10 @@ class Grav extends Container
 /** @var Uri $uri */
 $uri = $this['uri'];
- //Check for code in route
+ // Clean route for redirect
+ $route = preg_replace("#^\/[\\\/]+\/#", '/', $route);
+
+ // Check for code in route
 $regex = '/.*(\[(30[1-7])\])$/';
 preg_match($regex, $route, $matches);
 if ($matches) {
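Review bot: The cleaning pattern `#^\/[\\\/]+\/#` added in the Grav.php hunk only matches when the route starts with at least three separator characters (a slash, one or more slashes or backslashes, then another slash), so a route that begins with exactly two, such as `//` or `/\` followed by a host name, is left unchanged and may still be read by browsers as a protocol-relative target. Collapsing any leading run of slashes and backslashes would close that gap, for example `$route = preg_replace('#^[\\\\/]+#', '/', $route) ?? '/';`, where the single-quoted pattern removes the double-quoted escape ambiguity and the `??` covers the `null` that `preg_replace` returns on a PCRE error. Whether the route is later prefixed with the site base or checked again cannot be seen here, because the enclosing method starts and ends outside the hunk. A short comment listing the input shapes this line is meant to neutralise would let the next reader check the pattern against them.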