Skip to content

Fix open redirect check for more cases (#25143) #25154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 8, 2023
Merged

Fix open redirect check for more cases (#25143) #25154

merged 1 commit into from
Jun 8, 2023

Conversation

GiteaBot
Copy link
Collaborator

@GiteaBot GiteaBot commented Jun 8, 2023

Backport #25143 by @lafriks

If redirect_to parameter has set value starting with \\example.com redirect will be created with header Location: /\\example.com that will redirect to example.com domain.

@lafriks @GiteaBot
Fix open redirect check for more cases (go-gitea#25143)
8d23c1e 
If redirect_to parameter has set value starting with `\\example.com`
redirect will be created with header `Location: /\\example.com` that
will redirect to example.com domain.
@GiteaBot GiteaBot added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jun 8, 2023
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jun 8, 2023
@GiteaBot GiteaBot added this to the 1.20.0 milestone Jun 8, 2023
@GiteaBot GiteaBot requested review from delvh and silverwind June 8, 2023 14:08
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jun 8, 2023
@lafriks lafriks added the skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. label Jun 8, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 8, 2023
@silverwind silverwind merged commit 7679f4d into go-gitea:release/v1.20 Jun 8, 2023
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Sep 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@silverwind silverwind silverwind approved these changes

@lafriks lafriks lafriks approved these changes

@delvh delvh Awaiting requested review from delvh

Assignees

@lafriks lafriks

Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.20.0
Development

Successfully merging this pull request may close these issues.
3 participants
@GiteaBot @silverwind @lafriks