forked from forgejo/forgejo
Don't Unescape redirect_to cookie value (#6399)
redirect_to holds a value that we want to redirect back to after login. This value can be a path with intentonally escaped values and we should not unescape it. Fixes #4475
This commit is contained in:
parent
6d345e00e6
commit
6f2e1bd23a
2 changed files with 5 additions and 6 deletions
|
@ -47,7 +47,7 @@ func SignInOpenID(ctx *context.Context) {
|
|||
if len(redirectTo) > 0 {
|
||||
ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
|
||||
} else {
|
||||
redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to"))
|
||||
redirectTo = ctx.GetCookie("redirect_to")
|
||||
}
|
||||
|
||||
if isSucceed {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue