authorzeripath <art27@cantab.net>2020-08-08 23:39:40 +0100
committerGitHub <noreply@github.com>2020-08-08 18:39:40 -0400
commit02e990a89bcb1e55ea4b71f51cc5c24bfe11f885 (patch)
tree4e86964e724cb842a372b60aa43fae62d98124d0
parent78d17b4b432a4d670843e7e1d99a49e8ffea79b5 (diff)
downloadgitea-02e990a89bcb1e55ea4b71f51cc5c24bfe11f885.tar.gz
gitea-02e990a89bcb1e55ea4b71f51cc5c24bfe11f885.zip
Prevent redirect back to /user/events (#12462)
This PR prevents two further ways in which the redirect cookie could be set to redirect back to /user/events.

Signed-off-by: Andrew Thornton <art27@cantab.net>
-rw-r--r--modules/context/auth.go9
1 files changed, 6 insertions, 3 deletions
diff --git a/modules/context/auth.go b/modules/context/auth.go
index 86922aae59..14dfab7344 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -84,8 +84,9 @@ func Toggle(options *ToggleOptions) macaron.Handler {
})
return
}
-
- ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+ if ctx.Req.URL.Path != "/user/events" {
+ ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+ }
ctx.Redirect(setting.AppSubURL + "/user/login")
return
} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
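Review bot: The `/user/events` exclusion is a bare string literal with no comment saying why this path must never become the post-login target, and the same three lines are repeated in the second hunk at the auto-sign-in branch. A single named constant or small helper used at both sites would keep them in step with whatever earlier fix the title's "further" refers to, e.g. `const userEventsPath = "/user/events" // never store as redirect_to; see #12462`. The comparison is also an exact match on `ctx.Req.URL.Path`, so if the router accepts variants such as a trailing slash, the cookie would still be set for them; that is worth confirming. Toggle's body starts and ends outside this hunk.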
@@ -120,7 +121,9 @@ func Toggle(options *ToggleOptions) macaron.Handler {
// Redirect to log in page if auto-signin info is provided and has not signed in.
if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) &&
len(ctx.GetCookie(setting.CookieUserName)) > 0 {
- ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+ if ctx.Req.URL.Path != "/user/events" {
+ ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+ }
ctx.Redirect(setting.AppSubURL + "/user/login")
return
}
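Review bot: For every path other than `/user/events`, this branch still stores `setting.AppSubURL+ctx.Req.URL.RequestURI()` in `redirect_to` unchanged, so the value is controlled by whoever crafted the request. Whether that is safe depends on the code that reads the cookie after login, which is not visible in this hunk. A comment above the `ctx.SetCookie` call would record the assumption, e.g. `// redirect_to is request-derived; the reader must accept only local paths before redirecting`. The enclosing function continues outside the hunk.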