Sanitize the entire geo_return_to_after_login url

parent 808c2872
...@@ -41,7 +41,7 @@ module EE ...@@ -41,7 +41,7 @@ module EE
end end
def geo_return_to_after_login def geo_return_to_after_login
::Gitlab::Utils.append_path(root_url, sanitize_redirect(session[:user_return_to].to_s)) sanitize_redirect(::Gitlab::Utils.append_path(root_url, session[:user_return_to].to_s))
end end
def geo_return_to_after_logout def geo_return_to_after_logout
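Review bot: The reordered call changes what `geo_return_to_after_login` returns, and nothing in the method records that: `sanitize_redirect` is now applied to the assembled absolute URL, and the spec hunk's expectation moving from `':/'` to `':'` indicates the result for the bare root is now empty (presumably nil) rather than `root_url`. If `sanitize_redirect` also reduces a permitted absolute URL to its path, any caller that relies on receiving the secondary's full URL would need re-checking — that cannot be confirmed from this hunk. Suggest a comment above the body, e.g. `# Validate the whole assembled URL, not just the session path, as an internal redirect; expect nil when it is not one.` geo_return_to_after_logout's body continues outside the hunk.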
...@@ -28,7 +28,7 @@ describe SessionsController do ...@@ -28,7 +28,7 @@ describe SessionsController do
expect(response).to have_gitlab_http_status(302) expect(response).to have_gitlab_http_status(302)
expect(response).to redirect_to %r(\A#{primary_node.url}oauth/geo/auth) expect(response).to redirect_to %r(\A#{primary_node.url}oauth/geo/auth)
expect(redirect_params['state'].first).to end_with(':/') expect(redirect_params['state'].first).to end_with(':')
end end
end end
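Review bot: The updated expectation only covers the default case where `session[:user_return_to]` is unset, so the new sanitisation of the assembled URL is not exercised by an example that keeps a legitimate internal path or drops an unsafe one. Two further examples — one setting `session[:user_return_to]` to an internal path and asserting the state's last segment carries it, one setting it to a URL on another host and asserting the segment stays empty — would pin the behaviour the commit title describes. The enclosing example block starts outside the hunk.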