diff options
| author | mrsdizzie <info@mrsdizzie.com> | 2019-03-20 22:06:16 -0400 |
|---|---|---|
| committer | techknowlogick <matti@mdranta.net> | 2019-03-20 22:06:16 -0400 |
| commit | 6f2e1bd23ab7670e3bbc76d569b80007ca38af05 (patch) | |
| tree | 3c44037ccf5dac3b369fed4fcfc4ef54b2dfc6da | |
| parent | 6d345e00e602e991153192d6604ff7c6b23d0b74 (diff) | |
| download | gitea-6f2e1bd23ab7670e3bbc76d569b80007ca38af05.tar.gz gitea-6f2e1bd23ab7670e3bbc76d569b80007ca38af05.zip | |
Don't Unescape redirect_to cookie value (#6399)
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentonally escaped values and we
should not unescape it.
Fixes #4475
| -rw-r--r-- | routers/user/auth.go | 9 | ||||
| -rw-r--r-- | routers/user/auth_openid.go | 2 |
2 files changed, 5 insertions, 6 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go index fc4c358a9a..0a24702c17 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -9,7 +9,6 @@ import ( "errors" "fmt" "net/http" - "net/url" "strings" "code.gitea.io/gitea/models" @@ -96,7 +95,7 @@ func checkAutoLogin(ctx *context.Context) bool { if len(redirectTo) > 0 { ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true) } else { - redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to")) + redirectTo = ctx.GetCookie("redirect_to") } if isSucceed { @@ -496,7 +495,7 @@ func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyR return setting.AppSubURL + "/" } - if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 && !util.IsExternalURL(redirectTo) { + if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 && !util.IsExternalURL(redirectTo) { ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) if obeyRedirect { ctx.RedirectToFirst(redirectTo) @@ -587,7 +586,7 @@ func handleOAuth2SignIn(u *models.User, gothUser goth.User, ctx *context.Context return } - if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 { + if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 { ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) ctx.RedirectToFirst(redirectTo) return @@ -1298,7 +1297,7 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut log.Trace("User updated password: %s", u.Name) - if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 && !util.IsExternalURL(redirectTo) { + if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 && !util.IsExternalURL(redirectTo) { ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL) ctx.RedirectToFirst(redirectTo) return diff --git a/routers/user/auth_openid.go b/routers/user/auth_openid.go index b0e9092c78..8a8a5b7306 100644 --- a/routers/user/auth_openid.go +++ b/routers/user/auth_openid.go @@ -47,7 +47,7 @@ func SignInOpenID(ctx *context.Context) { if len(redirectTo) > 0 { ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true) } else { - redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to")) + redirectTo = ctx.GetCookie("redirect_to") } if isSucceed { |