forgejo/modules/context
zeripath 0b1686b67a
Prevent redirect to Host (2) (#19175)
Unhelpfully, Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.

Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years ago
..
access_log.go Pass down SignedUserName down to AccessLogger context (#16605) 3 years ago
api.go Update HTTP status codes to modern codes (#18063) 2 years ago
api_org.go Use a standalone struct name for Organization (#17632) 3 years ago
api_test.go format with gofumpt (#18184) 2 years ago
auth.go Renamed ctx.User to ctx.Doer. (#19161) 2 years ago
captcha.go format with gofumpt (#18184) 2 years ago
context.go Prevent redirect to Host (2) (#19175) 2 years ago
csrf.go format with gofumpt (#18184) 2 years ago
form.go Add config options to hide issue events (#17414) 2 years ago
org.go Renamed ctx.User to ctx.Doer. (#19161) 2 years ago
pagination.go Refactor admin user filter query parameters (#18965) 2 years ago
permission.go Renamed ctx.User to ctx.Doer. (#19161) 2 years ago
private.go format with gofumpt (#18184) 2 years ago
repo.go Redirect .wiki/* ui link to /wiki (#18831) 2 years ago
response.go format with gofumpt (#18184) 2 years ago
xsrf.go Move macaron to chi (#14293) 3 years ago
xsrf_test.go Move macaron to chi (#14293) 3 years ago