Sign Up ›

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Lokesh KumarLokesh Kumar 

App Logic Vulnerability Prevention Prevent Open Redirects in Your Code

Not able to pass this Challenge PFB screen shot.
My Save Method code.

  
public PageReference save(){
        PageReference savePage;
        if (Schema.SObjectType.Resource_Type__c.isCreateable()){
            try{

                insert rtype;

                String completion = ApexPages.currentPage().getParameters().get('finishURL');
                system.debug('First$'+completion);
        if(completion.startsWith('/')){
        system.debug('Second$'+completion);
            completion.replaceFirst('/','');
system.debug('Third$'+completion);
        }
        savePage = new PageReference('/'+completion);
        
        savePage.setRedirect(true);
        return savePage;
            

            }catch (exception e){
                ApexPages.addmessage(new ApexPages.message(ApexPages.severity.ERROR, 'Unable to update requisitions.  Exception: ' + e.getMessage()));
                return null;
            } 
        }else{
            ApexPages.addmessage(new ApexPages.message(ApexPages.severity.ERROR, 'You do not have permission to update requisitions'));
            return null;
        }
    }


User-added image 
Randy SchultzRandy Schultz

amit, you should not be giving such bad advice..

You code is close. You should assign the returned string from the call of replaceFirst method since it does not modify the original;
Sales Force doc does not clearly indicate that... The example does.

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_methods_system_string.htm 

completion = completion.replaceFirst('/','');

 
Felix Markman 16Felix Markman 16
I have the exact same problem. Stumped. I posted my question here: 
https://developer.salesforce.com/forums/ForumsMain?id=9062I000000IG7WQAW