From 017f314b5a0f930b477efa1c2a5309f8cdd6d3c3 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Tue, 24 Dec 2019 00:11:12 +0000
Subject: Use Req.URL.RequestURI() to cope with FCGI urls (#9473)

* Use Req.URL.RequestURI() to cope with FCGI urls

* Add debug logging statement when forbidden in internal API.
---
 modules/context/auth.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'modules/context/auth.go')

diff --git a/modules/context/auth.go b/modules/context/auth.go
index be63720035..7410db75a5 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -49,7 +49,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 				if ctx.Req.URL.Path != "/user/settings/change_password" {
 					ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 					ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
-					ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
+					ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 					ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
 					return
 				}
@@ -61,7 +61,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 		}
 
 		// Redirect to dashboard if user tries to visit any non-login page.
-		if options.SignOutRequired && ctx.IsSigned && ctx.Req.RequestURI != "/" {
+		if options.SignOutRequired && ctx.IsSigned && ctx.Req.URL.RequestURI() != "/" {
 			ctx.Redirect(setting.AppSubURL + "/")
 			return
 		}
@@ -83,7 +83,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 					return
 				}
 
-				ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
+				ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 				ctx.Redirect(setting.AppSubURL + "/user/login")
 				return
 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
@@ -118,7 +118,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 		// Redirect to log in page if auto-signin info is provided and has not signed in.
 		if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) &&
 			len(ctx.GetCookie(setting.CookieUserName)) > 0 {
-			ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
+			ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 			ctx.Redirect(setting.AppSubURL + "/user/login")
 			return
 		}
-- 
cgit v1.2.3