Fix open redirect

AfRApay.Web/Pages/EditUser.cshtml.cs

@@ -63,7 +63,7 @@ public class EditUserModel : PageModel {
 		if (Request.Form["action"] == "save" && Request.Form.ContainsKey("nickname") && !string.IsNullOrWhiteSpace(Request.Form["nickname"])) {
 			var nick = Request.Form["nickname"].ToString();
 			if (db.Users.Any(p => p.Nickname == nick && p.Id != userId)) {
-				Response.Redirect($"/ErrorRedirect?redir=/EditUser/{userId}&message=" + WebUtility.UrlEncode("User with nick already exists."));
+				Response.Redirect($"/ErrorRedirect?redir=EditUser/{userId}&message=" + WebUtility.UrlEncode("User with nick already exists."));
 				return;
 			}
 

AfRApay.Web/Pages/ErrorRedirect.cshtml

@@ -1,10 +1,11 @@
 @page
 @{
 	ViewData["Title"] = "Error";
+	var target = "/" + Request.Query["redir"];
 }
 
 @section Header {
-	<meta http-equiv="refresh" content="5;@(Request.Query.ContainsKey("redir") ? Request.Query["redir"] : "/")"/>
+	<meta http-equiv="refresh" content="5;@target"/>
 }
 <div class="alert alert-danger" role="alert">
 	@Request.Query["message"]

AfRApay.Web/Pages/Index.cshtml.cs

@@ -32,7 +32,7 @@ public class IndexModel : PageModel {
 			if (Request.Form.ContainsKey("nickname") && !string.IsNullOrWhiteSpace(Request.Form["nickname"])) {
 				var nick = Request.Form["nickname"];
 				if (db.Users.Any(p => p.Nickname == nick.ToString())) {
-					Response.Redirect("/ErrorRedirect?redir=/%23add_user&message=" + WebUtility.UrlEncode("User with nick already exists."));
+					Response.Redirect("/ErrorRedirect?redir=%23add_user&message=" + WebUtility.UrlEncode("User with nick already exists."));
 					return;
 				}
 
@@ -43,7 +43,7 @@ public class IndexModel : PageModel {
 				return;
 			}
 
-			Response.Redirect("/ErrorRedirect?redir=/%23add_user&message=" + WebUtility.UrlEncode("Nickname must not be empty."));
+			Response.Redirect("/ErrorRedirect?redir=%23add_user&message=" + WebUtility.UrlEncode("Nickname must not be empty."));
 		}
 		else {
 			Response.Redirect("/");