mirror of https://github.com/go-gitea/gitea.git
e3d8e92bdc
Backport #19175 Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion. However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+` Reference #9678 Signed-off-by: Andrew Thornton <art27@cantab.net> |
||
|---|---|---|
| .. | ||
| access_log.go | ||
| api.go | ||
| api_org.go | ||
| api_test.go | ||
| auth.go | ||
| captcha.go | ||
| context.go | ||
| csrf.go | ||
| form.go | ||
| org.go | ||
| pagination.go | ||
| permission.go | ||
| private.go | ||
| repo.go | ||
| response.go | ||
| xsrf.go | ||
| xsrf_test.go | ||