Prevent redirect to Host (#9678) (#9679)

This commit is contained in:
zeripath 2020-01-09 21:37:37 +00:00 committed by techknowlogick
parent a2b7cc1bb1
commit 3a00a690c9
1 changed files with 2 additions and 1 deletions

View File

@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved. // Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style // Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file. // license that can be found in the LICENSE file.
@ -122,7 +123,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
} }
u, err := url.Parse(loc) u, err := url.Parse(loc)
if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) { if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
continue continue
} }