PHP sanitization for "/login?to=" redirect?

Question

I tried to find a sanitization of the redirect path, but could not find any.

Just a login module?

$module->login_html(qa_opt('site_url').qa_get('to'), 'login');

Could anybody just tell how secure the url handling is? And where to see it? Thanks.

Comments

I don't think there needs to be security on the redirection, it can only redirect to a page on your site. Can you provide an example of when it would be insecure?

---

"URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination."
http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse

I tried to hack the to-parameter: http://www.question2answer.org/qa/login?to=http://www.google.de/ but this gives a page-not-found.

So I guess it is safe ;)

---

To me it just redirects to the Q2A homepage.