diff options
author | zeripath <art27@cantab.net> | 2020-08-08 23:39:40 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-08 18:39:40 -0400 |
commit | 02e990a89bcb1e55ea4b71f51cc5c24bfe11f885 (patch) | |
tree | 4e86964e724cb842a372b60aa43fae62d98124d0 | |
parent | 78d17b4b432a4d670843e7e1d99a49e8ffea79b5 (diff) | |
download | gitea-02e990a89bcb1e55ea4b71f51cc5c24bfe11f885.tar.gz gitea-02e990a89bcb1e55ea4b71f51cc5c24bfe11f885.zip |
Prevent redirect back to /user/events (#12462)
This PR prevents 2 further ways of causing the redirect cookie to be set
to redirect back to /user/events
Signed-off-by: Andrew Thornton <art27@cantab.net>
-rw-r--r-- | modules/context/auth.go | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/modules/context/auth.go b/modules/context/auth.go index 86922aae59..14dfab7344 100644 --- a/modules/context/auth.go +++ b/modules/context/auth.go @@ -84,8 +84,9 @@ func Toggle(options *ToggleOptions) macaron.Handler { }) return } - - ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL) + if ctx.Req.URL.Path != "/user/events" { + ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL) + } ctx.Redirect(setting.AppSubURL + "/user/login") return } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm { @@ -120,7 +121,9 @@ func Toggle(options *ToggleOptions) macaron.Handler { // Redirect to log in page if auto-signin info is provided and has not signed in. if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) && len(ctx.GetCookie(setting.CookieUserName)) > 0 { - ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL) + if ctx.Req.URL.Path != "/user/events" { + ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL) + } ctx.Redirect(setting.AppSubURL + "/user/login") return } |