CVE-2023-3515: Fix open redirect check for more cases (#25143) · go-gitea/gitea@9aaaf98

Skip to content

Sign up

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog

• For

  • Enterprise
  • Teams
  • Startups
  • Education

  By Solution

  • CI/CD & Automation
  • DevOps
  • DevSecOps

  Case Studies

  • Customer Stories
  • Resources

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections

• Pricing

• In this repository All GitHub

• No suggested jump to results

• In this repository All GitHub

• In this organization All GitHub

• In this repository All GitHub

Sign in

Sign up

go-gitea / gitea Public

• Notifications
• Fork 4.7k
• Star 37.4k

• Code
• Issues 2k
• Pull requests 161
• Actions
• Wiki
• Security
• Insights

More

Commit

Permalink

Browse files

Browse the repository at this point in the history

Fix open redirect check for more cases (#25143)

If redirect_to parameter has set value starting with `\\example.com` redirect will be created with header `Location: /\\example.com` that will redirect to example.com domain.

• Loading branch information

lafriks committed

Jun 8, 2023

1 parent 263ed09 commit 9aaaf98

Showing 1 changed file with 2 additions and 2 deletions.

4 changes: 2 additions & 2 deletions modules/context/context_response.go

Show comments View file

Expand Up

@@ -49,9 +49,9 @@ func (ctx *Context) RedirectToFirst(location …string) {

continue

}

// Unfortunately browsers consider a redirect Location with preceding “//” and “/\” as meaning redirect to “http(s)://REST_OF_PATH”

// Unfortunately browsers consider a redirect Location with preceding "//", “\\” and “/\” as meaning redirect to “http(s)://REST_OF_PATH”

// Therefore we should ignore these redirect locations to prevent open redirects

if len(loc) > 1 && loc[0] == ‘/’ && (loc[1] == ‘/’ || loc[1] == ‘\\’) {

if len(loc) > 1 && (loc[0] == ‘/’ || loc[0] == ‘\\’) && (loc[1] == ‘/’ || loc[1] == ‘\\’) {

continue

}

Expand Down

0 comments on commit 9aaaf98

Please sign in to comment.