Potential fix for code scanning alert no. 636: URL redirection from remote source (#7760)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

apps/api/plane/utils/path_validator.py

@@ -3,18 +3,20 @@ from urllib.parse import urlparse
 
 
 def validate_next_path(next_path: str) -> str:
-    """Validates that next_path is a valid path and extracts only the path component."""
+    """Validates that next_path is a safe relative path for redirection."""
+    # Browsers interpret backslashes as forward slashes. Remove all backslashes.
+    next_path = next_path.replace("\\", "")
     parsed_url = urlparse(next_path)
 
-    # Ensure next_path is not an absolute URL
+    # Block absolute URLs or anything with scheme/netloc
     if parsed_url.scheme or parsed_url.netloc:
         next_path = parsed_url.path  # Extract only the path component
 
-    # Ensure it starts with a forward slash (indicating a valid relative path)
-    if not next_path.startswith("/"):
+    # Must start with a forward slash and not be empty
+    if not next_path or not next_path.startswith("/"):
         return ""
 
-    # Ensure it does not contain dangerous path traversal sequences
+    # Prevent path traversal
     if ".." in next_path:
         return ""