author | Markus Koller <mkoller@gitlab.com> | 2019-06-20 19:45:01 +0200 |
---|---|---|
committer | Markus Koller <mkoller@gitlab.com> | 2019-06-25 13:19:30 +0200 |
commit | db132bae1d0098dce835844bfa667c5377510d3c (patch) | |
tree | 0b690d78e0251ab6010e76aea7960a2f815b8935 /app/controllers/concerns | |
parent | 8fd2c08472afc3846ba28f97994a57143bc76eaf (diff) | |
download | gitlab-ce-db132bae1d0098dce835844bfa667c5377510d3c.tar.gz |
Support redirect paths starting with a dash
51952-forking-via-webide
We use a leading dash for certain things like the WebIDE, which
had the side effect of losing the `params[:continue][:to]` param when
opening the WebIDE on a project where the user doesn't have push access
and therefore needs to fork the project first.
Diffstat (limited to 'app/controllers/concerns')
-rw-r--r-- | app/controllers/concerns/internal_redirect.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/concerns/internal_redirect.rb b/app/controllers/concerns/internal_redirect.rb index 6785e6972d0..fa3716502a0 100644 --- a/app/controllers/concerns/internal_redirect.rb +++ b/app/controllers/concerns/internal_redirect.rb @@ -5,8 +5,8 @@ module InternalRedirect def safe_redirect_path(path) return unless path - # Verify that the string starts with a `/` but not a double `/`. - return unless path =~ %r{^/\w.*$} + # Verify that the string starts with a `/` and a known route character. + return unless path =~ %r{^/[-\w].*$} uri = URI(path) # Ignore anything path of the redirect except for the path, querystring and, |
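Review bot: the changed check in `safe_redirect_path`, `return unless path =~ %r{^/[-\w].*$}`, still anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so a value containing a newline is accepted if any single line of it fits the pattern. Since this line is being touched anyway, consider `%r{\A/[-\w].*\z}` so the whole string has to match. The rewritten comment also drops the statement that a double `/` is rejected; the new character class `[-\w]` still excludes a second `/`, and because that exclusion is the reason the check exists, the comment should keep saying so.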