git724/forgejo
1
0
Fork 0
Code Issues Pull requests 3 Projects 1 Releases Packages Wiki Activity

Prevent redirect to Host (#9678)

Browse source
This commit is contained in:
zeripath 2020-01-09 21:34:25 +00:00 committed by techknowlogick
commit 6c46a56360
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/context/context.go
View file

@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@ -122,7 +123,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
}
u, err := url.Parse(loc)
if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
continue
}