rspec/rules/S5146/php/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

----
$url = $this->request->getQuery("url");
return $this->redirect($url); // Noncompliant
----

== Compliant Solution

----
$whitelist = array(
  "https://www.sonarsource.com/"
);
$url = $this->request->getQuery("url");
if (in_array($url, $whitelist)) {
  return $this->redirect($url);
} else {
  throw new ForbiddenException();
}
----

include::../see.adoc[]
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`----`
			`$url = $this->request->getQuery("url");`
			`return $this->redirect($url); // Noncompliant`
			`----`

			`== Compliant Solution`

			`----`
			`$whitelist = array(`
			`"https://www.sonarsource.com/"`
			`);`
			`$url = $this->request->getQuery("url");`
			`if (in_array($url, $whitelist)) {`
			`return $this->redirect($url);`
			`} else {`
			`throw new ForbiddenException();`
			`}`
			`----`

			`include::../see.adoc[]`