gitlab-org--gitlab-foss/app/controllers/concerns/continue_params.rb

module ContinueParams
  extend ActiveSupport::Concern

  def continue_params
    continue_params = params[:continue]
    return nil unless continue_params

    continue_params = continue_params.permit(:to, :notice, :notice_now)
    return unless continue_params[:to] && continue_params[:to].start_with?('/')
    return if continue_params[:to].start_with?('//')

    continue_params
  end
end
ContinueToParams -> ContinueParams 2016-03-07 09:36:16 +00:00			`module ContinueParams`
Check redirect path in the continue_params Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2649 https://gitlab.com/gitlab-org/gitlab-ce/issues/13956 2016-03-07 09:06:54 +00:00			`extend ActiveSupport::Concern`

			`def continue_params`
			`continue_params = params[:continue]`
			`return nil unless continue_params`

Fix denting and spec 2016-03-07 10:45:14 +00:00			`continue_params = continue_params.permit(:to, :notice, :notice_now)`
ContinueToParams -> ContinueParams 2016-03-07 09:36:16 +00:00			`return unless continue_params[:to] && continue_params[:to].start_with?('/')`
Merge branch 'open-redirect-fix-continue-to' into 'security' Fix for open redirect vuln involving continue[to] params See merge request !2083 2017-04-05 21:17:49 +00:00			`return if continue_params[:to].start_with?('//')`
Check redirect path in the continue_params Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2649 https://gitlab.com/gitlab-org/gitlab-ce/issues/13956 2016-03-07 09:06:54 +00:00
			`continue_params`
			`end`
			`end`