tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-03 09:07:19 +00:00
Code Releases Activity

Refactor URL detection (#29960)

Browse Source 
"Redirect" functions should only redirect if the target is for current Gitea site.
This commit is contained in:
wxiaoguang
2024-03-21 20:02:34 +08:00
committed by GitHub
parent 0b4ff15356
commit 01500957c2
9 changed files with 96 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
routers/web/auth/auth.go
View File

@ -133,7 +133,7 @@ func RedirectAfterLogin(ctx *context.Context) {
if setting.LandingPageURL == setting.LandingPageLogin {
nextRedirectTo = setting.AppSubURL + "/" // do not cycle-redirect to the login page
}
ctx.RedirectToFirst(redirectTo, nextRedirectTo)
ctx.RedirectToCurrentSite(redirectTo, nextRedirectTo)
}
func CheckAutoLogin(ctx *context.Context) bool {
@ -371,7 +371,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
middleware.DeleteRedirectToCookie(ctx.Resp)
if obeyRedirect {
ctx.RedirectToFirst(redirectTo)
ctx.RedirectToCurrentSite(redirectTo)
}
return redirectTo
}
@ -808,7 +808,7 @@ func handleAccountActivation(ctx *context.Context, user *user_model.User) {
ctx.Flash.Success(ctx.Tr("auth.account_activated"))
if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 {
middleware.DeleteRedirectToCookie(ctx.Resp)
ctx.RedirectToFirst(redirectTo)
ctx.RedirectToCurrentSite(redirectTo)
return
}

2
routers/web/auth/oauth.go
View File

@ -1157,7 +1157,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 {
middleware.DeleteRedirectToCookie(ctx.Resp)
ctx.RedirectToFirst(redirectTo)
ctx.RedirectToCurrentSite(redirectTo)
return
}

2
routers/web/auth/password.go
View File

@ -314,7 +314,7 @@ func MustChangePasswordPost(ctx *context.Context) {
if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
middleware.DeleteRedirectToCookie(ctx.Resp)
ctx.RedirectToFirst(redirectTo)
ctx.RedirectToCurrentSite(redirectTo)
return
}

2
routers/web/repo/repo.go
View File

@ -371,7 +371,7 @@ func Action(ctx *context.Context) {
return
}
ctx.RedirectToFirst(ctx.FormString("redirect_to"), ctx.Repo.RepoLink)
ctx.RedirectToCurrentSite(ctx.FormString("redirect_to"), ctx.Repo.RepoLink)
}
func acceptOrRejectRepoTransfer(ctx *context.Context, accept bool) error {

2
routers/web/web.go
View File

@ -174,7 +174,7 @@ func verifyAuthWithOptions(options *common.VerifyOptions) func(ctx *context.Cont
// Redirect to dashboard (or alternate location) if user tries to visit any non-login page.
if options.SignOutRequired && ctx.IsSigned && ctx.Req.URL.RequestURI() != "/" {
ctx.RedirectToFirst(ctx.FormString("redirect_to"))
ctx.RedirectToCurrentSite(ctx.FormString("redirect_to"))
return
}