From cdcfa7dc144c949663a02c988994798d894c3a7c Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Fri, 10 Nov 2023 21:16:16 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 .../external_redirect_controller.rb                | 36 ++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 app/controllers/external_redirect/external_redirect_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/external_redirect/external_redirect_controller.rb b/app/controllers/external_redirect/external_redirect_controller.rb
new file mode 100644
index 00000000000..532196157b7
--- /dev/null
+++ b/app/controllers/external_redirect/external_redirect_controller.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module ExternalRedirect
+  class ExternalRedirectController < ApplicationController
+    feature_category :navigation
+    skip_before_action :authenticate_user!
+    before_action :check_url_param
+
+    def index
+      if known_url?
+        redirect_to url_param
+      else
+        render layout: 'fullscreen', locals: {
+          minimal: true,
+          url: url_param
+        }
+      end
+    end
+
+    private
+
+    def url_param
+      params['url']&.strip
+    end
+
+    def known_url?
+      uri_data = Addressable::URI.parse(url_param)
+
+      uri_data.site == Gitlab.config.gitlab.url
+    end
+
+    def check_url_param
+      render_404 unless ::Gitlab::UrlSanitizer.valid_web?(url_param)
+    end
+  end
+end
-- 
cgit v1.2.3