flarum / framework

Simple forum software for building great communities.
http://flarum.org/

[2.x] `LogoutController` permits open redirects #3949

Open imorland opened 6 months ago

imorland commented 6 months ago

Current Behavior

By manipulating the /logout endpoint, it is possible to trigger a redirect to any other url.

Steps to Reproduce

Visit /logout?return=https://evil.com, notice you are redirected to evil.com

Expected Behavior

By default, redirection to other hosts should not be permitted. It should be possible to create a whitelist of domains permitted if necessary.

Screenshots

No response

Environment

Output of php flarum info


Possible Solution

Fixed on the 1.x branch https://github.com/flarum/framework/pull/3948

Should we follow the same approach, or consider something different? Maybe introduce a RedirectsServiceProvider as a central place for redirections to reference permitted domains? Perhaps extend RedirectResponse so that it can handle permitted domains behind the scenes?

Additional Context

No response
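One defensive shape for the host allowlist the report asks for, as an added example that is neither Flarum's code nor the fix in the linked PR: the `return` value is accepted only when it is a local path or an http(s) URL whose parsed host is the forum's own host or on a configured allowlist; anything else falls back to the forum root. The function name `safeReturnUrl`, the `$allowedHosts` parameter and the forum URL below are assumptions, and the inputs are constructed.

```php
<?php
// Added example (not Flarum code): validate a logout "return" URL so the browser
// is only ever sent back to this forum or to an explicitly allowed host.
function safeReturnUrl(string $return, string $forumUrl, array $allowedHosts = []): string
{
    $forumHost = strtolower((string) (parse_url($forumUrl, PHP_URL_HOST) ?? ''));
    $fallback = rtrim($forumUrl, '/') . '/';

    // Reject control characters, backslashes and scheme-relative forms ("//evil.com",
    // "/\evil.com") that browsers normalise into a foreign origin.
    if ($return === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $return) || substr($return, 0, 2) === '//') {
        return $fallback;
    }

    // A plain local path such as "/d/1-hello" stays on this site.
    if ($return[0] === '/') {
        return rtrim($forumUrl, '/') . $return;
    }

    // Anything else must be an absolute http(s) URL with a parsable host;
    // "javascript:..." and unparsable input have no host and are dropped here.
    $parts = parse_url($return);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }

    // Compare the parsed host, not a string prefix, so "https://evil.com/forum.example"
    // and "https://forum.example@evil.com" are both rejected.
    $host = strtolower($parts['host']);
    $permitted = array_map('strtolower', array_merge([$forumHost], $allowedHosts));
    return in_array($host, $permitted, true) ? $return : $fallback;
}

// Demonstration with constructed inputs; "sso.example" is a hypothetical allowlisted host.
$forum = 'https://forum.example/';
$cases = [
    '/d/1-hello',
    'https://forum.example/d/1-hello',
    'https://evil.com',               // the payload from the report
    '//evil.com',
    'https://forum.example@evil.com/',
    'https://evil.com/forum.example',
    'javascript:alert(1)',
    'https://sso.example/logout',     // permitted only through the allowlist
];
foreach ($cases as $c) {
    printf("%-36s -> %s\n", $c, safeReturnUrl($c, $forum, ['sso.example']));
}
```

Every rejected case prints the forum root, which is the "deny by default" behaviour the expected-behaviour section describes.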