routes: fix open redirect vulnerability #5364 (#5365)
chromium1337 authored and unknwon committed Aug 6, 2018
1 parent c9bb33a commit 1f247cf
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions routes/user/auth.go
Expand Up @@ -73,10 +73,10 @@ func AutoLogin(c *context.Context) (bool, error) {
}

// isValidRedirect returns false if the URL does not redirect to same site.
// False: //url, http://url
// False: //url, http://url, /\url
// True: /url
func isValidRedirect(url string) bool {
return len(url) >= 2 && url[0] == '/' && url[1] != '/'
return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
}

func Login(c *context.Context) {
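Review bot: The new return line in isValidRedirect still decides on the second byte alone, so the check remains a deny-list that must be extended each time another leading sequence turns out to be read as a host separator by browsers; this commit adds `\\` to `/` in that list. Browsers also normalise backslashes and drop ASCII tab and newline characters before resolving a URL, so I would reject backslashes and control bytes anywhere in the value rather than only at index 1, as sketched below. The sketch keeps the existing `len(url) >= 2` rule, which means a bare `/` is still refused; confirm that is intended. The doc comment would read better with the reason next to each case, e.g. `// False: /\url (browsers treat '\' like '/')`, and a table-driven test over the listed True/False cases would keep later edits from regressing.
```go
func isValidRedirect(url string) bool {
	if len(url) < 2 || url[0] != '/' {
		return false
	}
	// Reject backslashes and control bytes wherever they appear, not only at index 1.
	for i := 0; i < len(url); i++ {
		if c := url[i]; c == '\\' || c < 0x20 || c == 0x7f {
			return false
		}
	}
	return url[1] != '/'
}
```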