author | Unknwon <u@gogs.io> | 2018-09-28 23:19:08 -0400 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2018-09-28 23:19:29 -0400 |
commit | bd7d1e2f169d6cdfecd952a1d3ed55d0f49f4104 (patch) | |
tree | c6c0b5db2afb16081f3aecc8f441f7618f824a91 /routes/repo/branch.go | |
parent | aff0bbcc325d9564fcd2b08c2fd52281f0dfc486 (diff) |
routes: fix open redirect vulnerability (#5355)
Reported by @cezar97.
Diffstat (limited to 'routes/repo/branch.go')
-rw-r--r-- | routes/repo/branch.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/routes/repo/branch.go b/routes/repo/branch.go
index 432ebe86..e24df65a 100644
--- a/routes/repo/branch.go
+++ b/routes/repo/branch.go
@@ -14,6 +14,7 @@ import (
 "github.com/gogs/gogs/models"
 "github.com/gogs/gogs/pkg/context"
+ "github.com/gogs/gogs/pkg/tool"
 )
 const (
@@ -112,7 +113,7 @@ func DeleteBranchPost(c *context.Context) {
 defer func() {
 redirectTo := c.Query("redirect_to")
- if len(redirectTo) == 0 {
+ if !tool.IsSameSiteURLPath(redirectTo) {
 redirectTo = c.Repo.RepoLink
 }
 c.Redirect(redirectTo) |
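Review bot: The new guard in the deferred redirect of DeleteBranchPost is only as strong as `tool.IsSameSiteURLPath`, whose body is not part of this file's diff. It is worth confirming, with a table-driven test next to the helper, that it rejects not only absolute URLs but also values such as `//host` and `/\host`, which browsers resolve off-site even though they start with a slash. A short comment above the check would record the intent, for example `// redirect_to is user-controlled: follow it only when it is a same-site path, else fall back to the repo page.` The enclosing function and the deferred closure both continue outside the hunk.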