Skip to content

Commit

Permalink
Prevent redirect to Host (#9678) (#9680)
Browse files Browse the repository at this point in the history
  • Loading branch information
zeripath authored and techknowlogick committed Jan 9, 2020
1 parent 319c921 commit cd3e52d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion modules/context/context.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

Expand Down Expand Up @@ -122,7 +123,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
}

u, err := url.Parse(loc)
if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
continue
}

Expand Down

0 comments on commit cd3e52d

Please sign in to comment.