author Markus Koller <mkoller@gitlab.com> 2019-06-20 19:45:01 +0200
committer Markus Koller <mkoller@gitlab.com> 2019-06-25 13:19:30 +0200
commit db132bae1d0098dce835844bfa667c5377510d3c
tree 0b690d78e0251ab6010e76aea7960a2f815b8935 /app/controllers/concerns
parent 8fd2c08472afc3846ba28f97994a57143bc76eaf
Support redirect paths starting with a dash [51952-forking-via-webide]
We use a leading dash for certain things like the WebIDE, which had the side effect of losing the `params[:continue][:to]` param when opening the WebIDE on a project where the user doesn't have push access and therefore needs to fork the project first.
Diffstat (limited to 'app/controllers/concerns')
-rw-r--r-- app/controllers/concerns/internal_redirect.rb 4
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/concerns/internal_redirect.rb b/app/controllers/concerns/internal_redirect.rb
index 6785e6972d0..fa3716502a0 100644
--- a/app/controllers/concerns/internal_redirect.rb
+++ b/app/controllers/concerns/internal_redirect.rb
@@ -5,8 +5,8 @@ module InternalRedirect
def safe_redirect_path(path)
return unless path
- # Verify that the string starts with a `/` but not a double `/`.
- return unless path =~ %r{^/\w.*$}
+ # Verify that the string starts with a `/` and a known route character.
+ return unless path =~ %r{^/[-\w].*$}
uri = URI(path)
# Ignore anything path of the redirect except for the path, querystring and,
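Review bot: the pattern on the `+` line, `%r{^/[-\w].*$}`, still anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string. A multi-line value therefore passes the check as soon as any one of its lines begins with `/` followed by `-` or a word character. Since this line is being touched anyway, consider `%r{\A/[-\w].*\z}` so the whole string has to match. Separately, the rewritten comment drops the "but not a double `/`" clause. The character class still rejects `//` (the second character must be `-` or `\w`), and that rejection is what keeps protocol-relative targets out, so the comment should keep saying it. "Known route character" could also name the two cases explicitly, for example "a `/` followed by a word character or `-`".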