Commit d687f643 authored by Sean McGivern's avatar Sean McGivern Committed by DJ Mountney

Merge branch 'open-redirect-fix-continue-to' into 'security'

Fix for open redirect vuln involving continue[to] params

See merge request !2083
parent b80653bb
......@@ -7,6 +7,7 @@ module ContinueParams
continue_params = continue_params.permit(:to, :notice, :notice_now)
return unless continue_params[:to] && continue_params[:to].start_with?('/')
return if continue_params[:to].start_with?('//')
continue_params
end
......
---
title: Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
merge_request:
author:
......@@ -96,12 +96,19 @@ describe Projects::ImportsController do
}
end
it 'redirects to params[:to]' do
it 'redirects to internal params[:to]' do
get :show, namespace_id: project.namespace.to_param, project_id: project, continue: params
expect(flash[:notice]).to eq params[:notice]
expect(response).to redirect_to params[:to]
end
it 'does not redirect to external params[:to]' do
params[:to] = "//google.com"
get :show, namespace_id: project.namespace.to_param, project_id: project, continue: params
expect(response).not_to redirect_to params[:to]
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment