laravel · ahmad-cit22 · Oct 23, 2025 · Oct 23, 2025
diff --git a/src/Illuminate/Routing/UrlGenerator.php b/src/Illuminate/Routing/UrlGenerator.php
@@ -175,16 +175,109 @@ public function previous($fallback = false)
     }
 
     /**
-     * Get the previous path info for the request.
+     * Get the previous path for the request.
      *
      * @param  mixed  $fallback
+     * @param  bool  $securityCheck  Whether to check for potential security vulnerabilities
      * @return string
      */
-    public function previousPath($fallback = false)
+    public function previousPath($fallback = false, $securityCheck = false)
     {
-        $previousPath = str_replace($this->to('/'), '', rtrim(preg_replace('/\?.*/', '', $this->previous($fallback)), '/'));
+        if (! $securityCheck) {
+            $previousPath = str_replace($this->to('/'), '', rtrim(preg_replace('/\?.*/', '', $this->previous($fallback)), '/'));
 
-        return $previousPath === '' ? '/' : $previousPath;
+            return $previousPath === '' ? '/' : $previousPath;
+        }
+
+        $referrer = $this->request->headers->get('referer');
+
+        if (! $referrer) {
+            $referrer = $this->getPreviousUrlFromSession();
+        }
+
+        if (! $referrer) {
+            return $this->getPathFromUrl($fallback);
+        }
+
+        return $this->getSecurePreviousPath($referrer, $fallback);
+    }
+
+    /**
+     * Get the secure previous path with security checks.
+     *
+     * @param  string  $referrer
+     * @param  mixed  $fallback
+     * @return string
+     */
+    protected function getSecurePreviousPath($referrer, $fallback = false): string
+    {
+        if ($this->isDangerousUrl($referrer)) {
+            return $this->getPathFromUrl($fallback);
+        }
+
+        $previous = $this->to($referrer);
+        $previousUrlComponents = parse_url($previous);
+        $appUrlComponents = parse_url($this->to('/'));
+
+        if (! $this->isSameOrigin($previousUrlComponents, $appUrlComponents)) {
+            $previous = $fallback ? $this->to($fallback) : $this->to('/');
+        }
+
+        return $this->getPathFromUrl($previous);
+    }
+
+    /**
+     * Check for dangerous schemes like javascript, data, or file.
+     *
+     * @param  string  $url
+     * @return bool
+     */
+    protected function isDangerousUrl($url)
+    {
+        // will return true if the URL starts with javascript, data, or file
+        return preg_match('/^(javascript|data|file):/i', $url);
+    }
+
+    /**
+     * Determine if two URLs are from the same origin, matching host, scheme, and port.
+     *
+     * @param  array|false  $urlOneComponents
+     * @param  array|false  $urlTwoComponents
+     * @return bool
+     */
+    protected function isSameOrigin($urlOneComponents, $urlTwoComponents)
+    {
+        if ($urlOneComponents === false || $urlTwoComponents === false) {
+            return false;
+        }
+
+        $hostOne = $urlOneComponents['host'] ?? null;
+        $hostTwo = $urlTwoComponents['host'] ?? null;
+        $schemeOne = $urlOneComponents['scheme'] ?? null;
+        $schemeTwo = $urlTwoComponents['scheme'] ?? null;
+        $portOne = $urlOneComponents['port'] ?? null;
+        $portTwo = $urlTwoComponents['port'] ?? null;
+
+        if (! $hostOne || ! $hostTwo || ! $schemeOne || ! $schemeTwo) {
+            return false;
+        }
+
+        return strtolower($hostOne) === strtolower($hostTwo) &&
+            $schemeOne === $schemeTwo &&
+            $portOne === $portTwo;
+    }
+
+    /**
+     * Extract path from a URL.
+     *
+     * @param  mixed  $url
+     * @return string
+     */
+    protected function getPathFromUrl($url)
+    {
+        $path = $url ? parse_url($this->to($url), PHP_URL_PATH) ?? '/' : '/';
+
+        return rtrim($path, '/') ?: '/';
     }
 
     /**