Don't Unescape redirect_to cookie value (#6399)

redirect_to holds a value that we want to redirect back to after login. This value can be a path with intentonally escaped values and we should not unescape it. Fixes #4475
2025-07-22 18:28:37 +00:00 · 2019-03-20 22:06:16 -04:00
parent 6d345e00e6
commit 6f2e1bd23a
2 changed files with 5 additions and 6 deletions
--- a/routers/user/auth_openid.go
+++ b/routers/user/auth_openid.go
@@ -47,7 +47,7 @@ func SignInOpenID(ctx *context.Context) {
 	if len(redirectTo) > 0 {
 		ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 	} else {
-		redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to"))
+		redirectTo = ctx.GetCookie("redirect_to")
 	}

 	if isSucceed {