From bd7d1e2f169d6cdfecd952a1d3ed55d0f49f4104 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Fri, 28 Sep 2018 23:19:08 -0400
Subject: routes: fix open redirect vulnerability (#5355)
Reported by @cezar97.
---
pkg/tool/path.go | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 pkg/tool/path.go
(limited to 'pkg/tool/path.go')
diff --git a/pkg/tool/path.go b/pkg/tool/path.go
new file mode 100644
index 00000000..e478abc5
--- /dev/null
+++ b/pkg/tool/path.go
@@ -0,0 +1,12 @@
+// Copyright 2018 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package tool
+
+// IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
+// False: //url, http://url, /\url
+// True: /url
+func IsSameSiteURLPath(url string) bool {
+ return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
+}
-- cgit v1.2.3
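Review bot: The check in `IsSameSiteURLPath` inspects only the first two bytes, so it does not account for characters that browsers discard before resolving a `Location` value. WHATWG URL parsing strips ASCII tab, CR and LF, so a value carrying one of those right after the leading slash passes here but may still be resolved as scheme-relative. Rejecting them up front, e.g. `if strings.ContainsAny(url, "\t\r\n") { return false }` (needs the `strings` import), or parsing with `net/url` and requiring an empty scheme and host, would close that gap. Whether such input can reach this function depends on the callers, which this path-limited view does not show. The `len(url) >= 2` guard also makes a bare `/` return false, which looks unintended for a redirect to the site root, and a small table-driven test covering the cases listed in the doc comment would pin the behaviour.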