diff options
| author | Stan Hu <stanhu@gmail.com> | 2015-11-04 14:53:35 +0000 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2015-11-09 12:17:18 -0500 |
| commit | a76d4d272e16b4e05acafbb7c8f3847b9b6e97e9 (patch) | |
| tree | 0ac8d1f387ca549e75c03eec3e92cf6950237a0f | |
| parent | 52f9e27a938b114503ee0688a6fbf0bdd344da0d (diff) | |
| download | gitlab-ce-a76d4d272e16b4e05acafbb7c8f3847b9b6e97e9.tar.gz | |
Merge branch 'fix-infinite-redirect' into 'master'
Only redirect to homepage url when its not the root url
It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.
This fix makes sure this redirect is not possible.
Fixes #1020
/cc @dblessing
See merge request !1703
| -rw-r--r-- | app/controllers/application_controller.rb | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1b0609e279e..0d182e8eb04 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -59,13 +59,8 @@ class ApplicationController < ActionController::Base end def authenticate_user!(*args) - # If user is not signed-in and tries to access root_path - redirect him to landing page - # Don't redirect to the default URL to prevent endless redirections - if current_application_settings.home_page_url.present? && - current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/') - if current_user.nil? && root_path == request.path - redirect_to current_application_settings.home_page_url and return - end + if redirect_to_home_page_url? + redirect_to current_application_settings.home_page_url and return end super(*args) @@ -346,4 +341,17 @@ class ApplicationController < ActionController::Base def git_import_enabled? current_application_settings.import_sources.include?('git') end + + def redirect_to_home_page_url? + # If user is not signed-in and tries to access root_path - redirect him to landing page + # Don't redirect to the default URL to prevent endless redirections + return false unless current_application_settings.home_page_url.present? + + home_page_url = current_application_settings.home_page_url.chomp('/') + root_urls = [Gitlab.config.gitlab['url'].chomp('/'), root_url.chomp('/')] + + return false if root_urls.include?(home_page_url) + + current_user.nil? && root_path == request.path + end end |