1
0
Fork 0
forked from forgejo/forgejo

Don't Unescape redirect_to cookie value (#6399)

redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentonally escaped values and we
should not unescape it.

Fixes #4475
This commit is contained in:
mrsdizzie 2019-03-20 22:06:16 -04:00 committed by techknowlogick
parent 6d345e00e6
commit 6f2e1bd23a
2 changed files with 5 additions and 6 deletions

View file

@ -47,7 +47,7 @@ func SignInOpenID(ctx *context.Context) {
if len(redirectTo) > 0 {
ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
} else {
redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to"))
redirectTo = ctx.GetCookie("redirect_to")
}
if isSucceed {