Merge pull request #972 from wozz/patch-1

Fix open redirect

Former-commit-id: c2f89d48d6fd1e0b96f057d32cff58147b83b5f0
Gerasimos (Makis) Maropoulos 2018-04-21 13:04:20 +03:00 committed by GitHub
commit 4ccf31eb44


@ -152,13 +152,14 @@ func (h *routerHandler) HandleRequest(ctx context.Context) {
path := ctx.Path() path := ctx.Path()
if !ctx.Application().ConfigurationReadOnly().GetDisablePathCorrection() { if !ctx.Application().ConfigurationReadOnly().GetDisablePathCorrection() {
if len(path) > 1 && path[len(path)-1] == '/' { if len(path) > 1 && strings.HasSuffix(path, "/") {
// Remove trailing slash and client-permant rule for redirection, // Remove trailing slash and client-permanent rule for redirection,
// if confgiuration allows that and path has an extra slash. // if confgiuration allows that and path has an extra slash.
// update the new path and redirect. // update the new path and redirect.
r := ctx.Request() r := ctx.Request()
path = path[:len(path)-1] // use Trim to ensure there is no open redirect due to two leading slashes
path = "/" + strings.Trim(path, "/")
r.URL.Path = path r.URL.Path = path
url := r.URL.String() url := r.URL.String()