BigW Consortium Gitlab

Skip to content

G
gitlab-ce
Commit 8fae6a3d by Sean McGivern Committed by DJ Mountney
Options

Merge branch 'open-redirect-fix-continue-to' into 'security'

Fix for open redirect vuln involving continue[to] params See merge request !2083
parent 191e748c
Showing with 13 additions and 1 deletion
app/controllers/concerns/continue_params.rb
......@@ -7,6 +7,7 @@ module ContinueParams
continue_params = continue_params.permit(:to, :notice, :notice_now)
return unless continue_params[:to] && continue_params[:to].start_with?('/')
return if continue_params[:to].start_with?('//')
continue_params
end
......
changelogs/unreleased/open-redirect-continue-params.yml 0 → 100644
---
title: Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
merge_request:
author:
spec/controllers/projects/imports_controller_spec.rb
......@@ -96,12 +96,19 @@ describe Projects::ImportsController do
}
end
it 'redirects to params[:to]' do
it 'redirects to internal params[:to]' do
get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: params
expect(flash[:notice]).to eq params[:notice]
expect(response).to redirect_to params[:to]
end
it 'does not redirect to external params[:to]' do
params[:to] = "//google.com"
get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: params
expect(response).not_to redirect_to params[:to]
end
end
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment