Fix open redirect vulnerability on the login page (#2262)

pull/2401/head
Kirill 2022-02-16 18:26:51 +02:00 committed by GitHub
parent e215132bdf
commit 67e304f372
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions


@ -7,6 +7,7 @@ import (
"html/template"
"net/http"
"net/url"
"strings"
"time"
"github.com/NYTimes/gziphandler"
@ -296,9 +297,9 @@ func (as *AdminServer) nextOrIndex(w http.ResponseWriter, r *http.Request) {
next := "/"
url, err := url.Parse(r.FormValue("next"))
if err == nil {
path := url.Path
path := url.EscapedPath()
if path != "" {
next = path
next = "/" + strings.TrimLeft(path, "/")
}
}
http.Redirect(w, r, next, http.StatusFound)
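Review bot: The two new lines in nextOrIndex carry the whole fix but have no comment explaining why the escaped path is used and why leading slashes are trimmed, so a later cleanup could quietly turn them back into `next = url.Path`. I would add a comment above `path := url.EscapedPath()`, such as `// Redirect only to a local path: use the escaped form and force exactly one leading "/" so the browser cannot read the target as another host.` No test is visible in this commit; a table-driven test of nextOrIndex asserting that the Location header stays same-origin for absolute, scheme-relative and backslash-prefixed `next` values would pin the behaviour. The local `url` also shadows the `net/url` package for the rest of the function, so a name like `nextURL` would read better. The function's signature and closing brace lie outside the hunk.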