From 3a00a690c945bc2224d97a8fed00101063b8eda1 Mon Sep 17 00:00:00 2001 From: zeripath Date: Thu, 9 Jan 2020 21:37:37 +0000 Subject: [PATCH] Prevent redirect to Host (#9678) (#9679) --- modules/context/context.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/context/context.go b/modules/context/context.go index 4b590a718..f8663b9c0 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -1,4 +1,5 @@ // Copyright 2014 The Gogs Authors. All rights reserved. +// Copyright 2020 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. @@ -122,7 +123,7 @@ func (ctx *Context) RedirectToFirst(location ...string) { } u, err := url.Parse(loc) - if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) { + if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) { continue }