Don't Unescape redirect_to cookie value (#6399) #6401

mrsdizzie · 2019-03-21T04:22:02Z

Backport to release/v1.8

redirect_to holds a value that we want to redirect back to after login. This value can be a path with intentonally escaped values and we should not unescape it. Fixes go-gitea#4475

Don't Unescape redirect_to cookie value (go-gitea#6399)

5fd9052

redirect_to holds a value that we want to redirect back to after login. This value can be a path with intentonally escaped values and we should not unescape it. Fixes go-gitea#4475

techknowlogick added this to the 1.8.0 milestone Mar 21, 2019

techknowlogick added the type/bug label Mar 21, 2019

techknowlogick approved these changes Mar 21, 2019

View reviewed changes

GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Mar 21, 2019

lafriks approved these changes Mar 21, 2019

View reviewed changes

GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 21, 2019

lafriks merged commit 3ce1951 into go-gitea:release/v1.8 Mar 21, 2019

go-gitea locked and limited conversation to collaborators Nov 24, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Don't Unescape redirect_to cookie value (#6399) #6401

Don't Unescape redirect_to cookie value (#6399) #6401

mrsdizzie commented Mar 21, 2019

Don't Unescape redirect_to cookie value (#6399) #6401

Don't Unescape redirect_to cookie value (#6399) #6401

Conversation

mrsdizzie commented Mar 21, 2019