path: root/modules/setting/database_sqlite.go
author: zeripath <art27@cantab.net> 2022-03-23 20:01:23 +0000
committer: GitHub <noreply@github.com> 2022-03-23 20:01:23 +0000
commit: e3d8e92bdc67562783de9a76b5b7842b68daeb48
tree: 95c0e944fc54b448f02b0b02ce9c5c861b262c2d /modules/setting/database_sqlite.go
parent: 6fc73a84332643ffbd431f6e7fcb16942c505c04
Prevent redirect to Host (2) (#19175) (#19186)

Backport #19175

Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion.

However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <art27@cantab.net>

Diffstat (limited to 'modules/setting/database_sqlite.go')
0 files changed, 0 insertions, 0 deletions
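
The check described in the commit message, as an added example that is not Gitea's own code and is not taken from this commit: a redirect validator that accepts only site-relative paths and rejects any location matching the quoted pattern. The function names `isLocalRedirect` and `safeRedirect`, the fallback path, and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// hostLikePrefix is the pattern quoted in the commit message: a leading "/"
// followed by one or more "\" or "/" characters.
var hostLikePrefix = regexp.MustCompile(`^/[\\\\/]+`)

// isLocalRedirect (hypothetical helper) reports whether location can be used
// as a same-site redirect target.
func isLocalRedirect(location string) bool {
	// Only site-relative paths are accepted; absolute URLs and empty
	// values are refused outright.
	if !strings.HasPrefix(location, "/") {
		return false
	}
	// "//host" is scheme-relative, and per the commit message browsers
	// convert "/\host" to "//host", so both forms are rejected.
	return !hostLikePrefix.MatchString(location)
}

// safeRedirect (hypothetical) returns location when it is local and the
// fixed fallback path otherwise.
func safeRedirect(location, fallback string) string {
	if isLocalRedirect(location) {
		return location
	}
	return fallback
}

func main() {
	// Constructed sample inputs; example.invalid is a reserved test domain.
	samples := []string{
		"/user/settings",
		"/",
		"//example.invalid/x",
		`/\example.invalid/x`,
		`/\/example.invalid`,
		"https://example.invalid/",
		"",
	}
	for _, s := range samples {
		fmt.Printf("%-28q local=%-5v -> %s\n", s, isLocalRedirect(s), safeRedirect(s, "/"))
	}
}
```
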