Replace tool.IsMaliciousPath with pathutil.Clean and move IsSameSite to urlutil (#8106)

Copilot
2026-01-23 21:13:27 -05:00
committed by GitHub
parent a7bc1637db
commit 1cdeef2ce8
9 changed files with 47 additions and 78 deletions


@@ -18,6 +18,7 @@ import (
"gogs.io/gogs/internal/email"
"gogs.io/gogs/internal/form"
"gogs.io/gogs/internal/tool"
"gogs.io/gogs/internal/urlutil"
"gogs.io/gogs/internal/userutil"
)
@@ -92,7 +93,7 @@ func Login(c *context.Context) {
}
if isSucceed {
if tool.IsSameSiteURLPath(redirectTo) {
if urlutil.IsSameSite(redirectTo) {
c.Redirect(redirectTo)
} else {
c.RedirectSubpath("/")
@@ -138,7 +139,7 @@ func afterLogin(c *context.Context, u *database.User, remember bool) {
redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to"))
c.SetCookie("redirect_to", "", -1, conf.Server.Subpath)
if tool.IsSameSiteURLPath(redirectTo) {
if urlutil.IsSameSite(redirectTo) {
c.Redirect(redirectTo)
return
}
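Review bot: The rename from `tool.IsSameSiteURLPath` to `urlutil.IsSameSite` in Login and afterLogin drops the hint that the argument must be a URL path, and in afterLogin this check is the only guard between the cookie-supplied `redirect_to` value and `c.Redirect`. The body of `urlutil.IsSameSite` is not visible in these hunks, so it is worth confirming that it still rejects absolute URLs and the `//host` and `/\host` forms, and that the existing tests moved with it. I would state the contract on the function's doc comment, for example `// IsSameSite reports whether the given value is a path on this site; callers rely on it to block open redirects.`. The same call-site change appears in Action in the next file section, and both function bodies here continue outside the hunks.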


@@ -9,7 +9,7 @@ import (
"gogs.io/gogs/internal/context"
"gogs.io/gogs/internal/database"
"gogs.io/gogs/internal/route/repo"
"gogs.io/gogs/internal/tool"
"gogs.io/gogs/internal/urlutil"
)
const (
@@ -122,7 +122,7 @@ func Action(c *context.Context, puser *context.ParamsUser) {
}
redirectTo := c.Query("redirect_to")
if !tool.IsSameSiteURLPath(redirectTo) {
if !urlutil.IsSameSite(redirectTo) {
redirectTo = puser.HomeURLPath()
}
c.Redirect(redirectTo)
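Review bot: `redirectTo` in Action is read directly from the `redirect_to` query parameter, and nothing at the call site says that the `urlutil.IsSameSite` check is a security guard rather than a convenience. A one-line comment above the check would make a later refactor less likely to drop or weaken it, for example `// redirect_to is request-controlled; follow it only when it is a same-site path.`. Action's body starts and ends outside the hunk.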