public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

check for /\ redirects

This commit is contained in:
David Stark 2020-01-26 15:00:03 +00:00
parent d9362d3bb9
commit 0198dd6e93
No known key found for this signature in database
GPG Key ID: 3D73875B6FF4B48C
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauthproxy.go
View File

@ -558,7 +558,7 @@ func validOptionalPort(port string) bool {
// IsValidRedirect checks whether the redirect URL is whitelisted // IsValidRedirect checks whether the redirect URL is whitelisted
func (p *OAuthProxy) IsValidRedirect(redirect string) bool { func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
switch { switch {
case strings.HasPrefix(redirect, "/") && !strings.HasPrefix(redirect, "//"): case strings.HasPrefix(redirect, "/") && !strings.HasPrefix(redirect, "//") && !strings.HasPrefix(redirect, "/\\"):
return true return true
case strings.HasPrefix(redirect, "http://") || strings.HasPrefix(redirect, "https://"): case strings.HasPrefix(redirect, "http://") || strings.HasPrefix(redirect, "https://"):
redirectURL, err := url.Parse(redirect) redirectURL, err := url.Parse(redirect)