diff options
| author | Jaime Martinez <jmartinez@gitlab.com> | 2022-06-22 03:59:35 +0300 |
|---|---|---|
| committer | Jaime Martinez <jmartinez@gitlab.com> | 2022-06-22 03:59:35 +0300 |
| commit | 2b3a49344e281894a56e3340ba011543a5283e37 (patch) | |
| tree | 429401e75e905c3881befde40fd4f05386720e7d | |
| parent | 10dfb15d567beb35fd4e2beeba5e6d375edd3d3f (diff) | |
| parent | ca6db0ba6ba8b85d064b4bc3fe89795e78496df8 (diff) | |
Merge branch 'fix-redirects' into 'master'
Fix domain level redirects
See merge request gitlab-org/gitlab-pages!790
| -rw-r--r-- | internal/redirects/validations.go | 3 | ||||
| -rw-r--r-- | internal/redirects/validations_test.go | 4 |
2 files changed, 6 insertions, 1 deletions
diff --git a/internal/redirects/validations.go b/internal/redirects/validations.go index 5264f731..ed022f52 100644 --- a/internal/redirects/validations.go +++ b/internal/redirects/validations.go @@ -28,7 +28,8 @@ func validateURL(urlText string) error { // No support for domain-level redirects to outside sites: // - `https://google.com` // - `//google.com` - if url.Host != "" || url.Scheme != "" { + // - `/\google.com` + if url.Host != "" || url.Scheme != "" || strings.HasPrefix(url.Path, "/\\") { return errNoDomainLevelRedirects } diff --git a/internal/redirects/validations_test.go b/internal/redirects/validations_test.go index 6d6fbb3d..296be511 100644 --- a/internal/redirects/validations_test.go +++ b/internal/redirects/validations_test.go @@ -24,6 +24,10 @@ func TestRedirectsValidateUrl(t *testing.T) { url: "https://GitLab.com", expectedErr: errNoDomainLevelRedirects, }, + "no_special_characters_escape_domain_level_redirects": { + url: "/\\GitLab.com", + expectedErr: errNoDomainLevelRedirects, + }, "no_schemaless_url_domain_level_redirects": { url: "//GitLab.com/pages.html", expectedErr: errNoDomainLevelRedirects, |