diff options
| author | mrsdizzie <info@mrsdizzie.com> | 2019-03-20 22:06:16 -0400 |
|---|---|---|
| committer | techknowlogick <matti@mdranta.net> | 2019-03-20 22:06:16 -0400 |
| commit | 6f2e1bd23ab7670e3bbc76d569b80007ca38af05 (patch) | |
| tree | 3c44037ccf5dac3b369fed4fcfc4ef54b2dfc6da /routers/user/auth_openid.go | |
| parent | 6d345e00e602e991153192d6604ff7c6b23d0b74 (diff) | |
| download | gitea-6f2e1bd23ab7670e3bbc76d569b80007ca38af05.tar.gz gitea-6f2e1bd23ab7670e3bbc76d569b80007ca38af05.zip | |
Don't Unescape redirect_to cookie value (#6399)
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentonally escaped values and we
should not unescape it.
Fixes #4475
Diffstat (limited to 'routers/user/auth_openid.go')
| -rw-r--r-- | routers/user/auth_openid.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/routers/user/auth_openid.go b/routers/user/auth_openid.go index b0e9092c78..8a8a5b7306 100644 --- a/routers/user/auth_openid.go +++ b/routers/user/auth_openid.go @@ -47,7 +47,7 @@ func SignInOpenID(ctx *context.Context) { if len(redirectTo) > 0 { ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true) } else { - redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to")) + redirectTo = ctx.GetCookie("redirect_to") } if isSucceed { |