redirect to backend if request uri isn't valid

engcom-Charlie · engcom-Charlie · commit 217c32c91a96 · 2020-12-21T13:54:58.000+02:00
diff --git a/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php b/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php
@@ -48,6 +48,11 @@ public function execute()
             return $this->getRedirect($this->_backendUrl->getStartupPageUrl());
         }
 
+        $requestUrl = $this->getRequest()->getUri();
+        if (!$requestUrl->isValid()) {
+            return $this->getRedirect($this->getUrl('*'));
+        }
+
         return $this->resultPageFactory->create();
     }
 
diff --git a/app/code/Magento/User/Controller/Adminhtml/User/Save.php b/app/code/Magento/User/Controller/Adminhtml/User/Save.php
@@ -105,7 +105,7 @@ public function execute()
             $this->getSecurityCookie()->setLogoutReasonCookie(
                 \Magento\Security\Model\AdminSessionsManager::LOGOUT_REASON_USER_LOCKED
             );
-            $this->_redirect('adminhtml/*/');
+            $this->_redirect('*');
         } catch (NotificationExceptionInterface $exception) {
             $this->messageManager->addErrorMessage($exception->getMessage());
         } catch (\Magento\Framework\Exception\AuthenticationException $e) {

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,11 @@ public function execute()`
`48`	`48`	`return $this->getRedirect($this->_backendUrl->getStartupPageUrl());`
`49`	`49`	`}`
`50`	`50`
	`51`	`+ $requestUrl = $this->getRequest()->getUri();`
	`52`	`+ if (!$requestUrl->isValid()) {`
	`53`	`+ return $this->getRedirect($this->getUrl('*'));`
	`54`	`+ }`
	`55`	`+`
`51`	`56`	`return $this->resultPageFactory->create();`
`52`	`57`	`}`
`53`	`58`