
When redirecting clean the path to avoid redirecting to //www.othersite.com (#5669) (Backport v1.6) #5703

Merged: 1 commit merged into go-gitea:release/v1.6 from zeripath:issue-5627-url-redirect-security-issue on Jan 12, 2019

@zeripath
Contributor

zeripath commented Jan 11, 2019

Backport of #5669 to v1.6

Out of the box it is possible to get gitea to redirect to other servers:

$ curl -i --path-as-is http://localhost:3000//www.google.com/..
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: //www.google.com/../
Date: Tue, 08 Jan 2019 21:53:05 GMT
Content-Length: 43

<a href="//www.google.com/../">Found</a>.

This PR cleans the path, prior to sending a http.Redirect.

Fix #5627

With thanks from @0x5c

Fix #5627

Signed-off-by: Andrew Thornton <art27@cantab.net>
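To make the redirect problem in the curl transcript concrete, here is an added Go example that is not Gitea's code and not the patch in this PR. It shows a small handler that normalizes the request path before handing it to http.Redirect, in the spirit of the description above ("cleans the path, prior to sending a http.Redirect"). The helper name safeRedirectPath, the backslash handling and the sample inputs are assumptions made for this example; the essential observation it relies on is that a Location value beginning with "//" is parsed by browsers as a protocol-relative URL pointing at another host.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"strings"
)

// safeRedirectPath normalizes a request path so that it can only ever
// describe a location on this server. Illustrative helper for this PR
// page; not Gitea's own implementation.
func safeRedirectPath(p string) string {
	// Several browsers treat a backslash like a forward slash when they
	// parse the authority part of a URL, so "/\evil.example" would be read
	// as "//evil.example". Assumption for this example: we only ever
	// redirect to local paths, so folding backslashes is safe here.
	p = strings.ReplaceAll(p, `\`, "/")

	// path.Clean resolves "." and ".." segments and collapses repeated
	// slashes, so "//www.google.com/.." becomes "/". The extra leading "/"
	// guarantees the result is rooted even for an empty input.
	cleaned := path.Clean("/" + p)

	// Defence in depth: never let a "//" prefix survive, because that is
	// exactly the protocol-relative form the original report exploited.
	return "/" + strings.TrimLeft(cleaned, "/")
}

// redirectHandler mimics the kind of "add a trailing slash" redirect that
// the curl transcript above triggered, but on the cleaned path.
func redirectHandler(w http.ResponseWriter, r *http.Request) {
	target := safeRedirectPath(r.URL.Path)
	if !strings.HasSuffix(target, "/") {
		target += "/"
	}
	http.Redirect(w, r, target, http.StatusFound)
}

func main() {
	// Constructed sample inputs, including the one from the report.
	for _, in := range []string{"//www.google.com/..", "/repo/../x", `/\evil.example/`, ""} {
		fmt.Printf("%-24q -> %q\n", in, safeRedirectPath(in))
	}
	http.HandleFunc("/", redirectHandler)
	fmt.Println(http.ListenAndServe("127.0.0.1:3000", nil))
}
```

Running the program prints the normalized form of each sample path and then serves the handler locally; requesting `//www.google.com/..` against it yields `Location: /` instead of a redirect to a foreign host. Note that http.Redirect itself only cleans targets it recognizes as relative paths; a value such as `//www.google.com/../` parses with a host component and is passed through untouched, which is why the cleaning must happen before the call.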

When redirecting clean the path to avoid redirecting to //www.othersite.com (#5669)

Fix #5627

Signed-off-by: Andrew Thornton <art27@cantab.net>

@bkcsoft bkcsoft added the lgtm/need 1 label Jan 11, 2019

@bkcsoft bkcsoft added lgtm/done and removed lgtm/need 1 labels Jan 12, 2019

@techknowlogick techknowlogick merged commit f5b43a6 into go-gitea:release/v1.6 Jan 12, 2019

2 checks passed

approvals/lgtm this commit looks good
continuous-integration/drone/pr the build was successful

@lunny lunny added this to the 1.6.4 milestone Jan 13, 2019

@zeripath zeripath deleted the zeripath:issue-5627-url-redirect-security-issue branch Jan 13, 2019
