peter/go-gitea
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

make sure path check is safe

Browse Source
This commit is contained in:
Lanre Adelowo 2018-07-21 20:26:26 +01:00
parent 5a2ea86adf
commit 3b87fefe2b
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/context/auth.go
View File

@ -39,7 +39,8 @@ func Toggle(options *ToggleOptions) macaron.Handler {
return return
} }
if ctx.Req.URL.Path == "/user/change_password" { // prevent infinite redirection
if ctx.Req.URL.Path == setting.AppSubURL+"/user/change_password" {
return return
} else if ctx.User.MustChangePassword { } else if ctx.User.MustChangePassword {
ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["Title"] = ctx.Tr("auth.must_change_password")