diff options
| author | Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> | 2015-10-28 17:39:22 +0100 |
|---|---|---|
| committer | Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> | 2015-11-02 15:42:30 +0100 |
| commit | 2dec5ec99042cd8da6c127d4bcfa7f5f84ef94eb (patch) | |
| tree | c5c0fb014f16e4f783bc6bbddb2cd360b7ddeb8c /app/controllers | |
| parent | be0631e1cd3c9fd1796ae1abdefedde5279916a4 (diff) | |
| download | gitlab-ce-2dec5ec99042cd8da6c127d4bcfa7f5f84ef94eb.tar.gz | |
Only redirect to homepage url when its not the root url
It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.
This fix makes sure this redirect is not possible.
Fixes !1020
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1b0609e279e..0d182e8eb04 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -59,13 +59,8 @@ class ApplicationController < ActionController::Base end def authenticate_user!(*args) - # If user is not signed-in and tries to access root_path - redirect him to landing page - # Don't redirect to the default URL to prevent endless redirections - if current_application_settings.home_page_url.present? && - current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/') - if current_user.nil? && root_path == request.path - redirect_to current_application_settings.home_page_url and return - end + if redirect_to_home_page_url? + redirect_to current_application_settings.home_page_url and return end super(*args) @@ -346,4 +341,17 @@ class ApplicationController < ActionController::Base def git_import_enabled? current_application_settings.import_sources.include?('git') end + + def redirect_to_home_page_url? + # If user is not signed-in and tries to access root_path - redirect him to landing page + # Don't redirect to the default URL to prevent endless redirections + return false unless current_application_settings.home_page_url.present? + + home_page_url = current_application_settings.home_page_url.chomp('/') + root_urls = [Gitlab.config.gitlab['url'].chomp('/'), root_url.chomp('/')] + + return false if root_urls.include?(home_page_url) + + current_user.nil? && root_path == request.path + end end |