gitlab-org--gitlab-foss/app/controllers/concerns/continue_params.rb
Sean McGivern d687f6436a Merge branch 'open-redirect-fix-continue-to' into 'security'
Fix for open redirect vuln involving continue[to] params

See merge request !2083
2017-04-05 21:07:26 -07:00


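module ContinueParams
  extend ActiveSupport::Concern

  # Matches a path that starts with exactly one `/` and is not followed by a
  # second slash or a backslash. `//host` is a scheme-relative URL, and
  # browsers resolve `/\host` in a Location header the same way, so either
  # would turn the later redirect_to into an open redirect. A bare `/` (the
  # site root) still matches.
  LOCAL_PATH_PATTERN = %r{\A/(?![/\\])}

  # Returns the permitted `continue` parameters when `continue[to]` is a local
  # absolute path, and nil otherwise.
  #
  # @return [ActionController::Parameters, nil] the `to`, `notice` and
  #   `notice_now` keys, or nil when `continue` is absent, `to` is missing, or
  #   `to` is not a safe local path
  def continue_params
    continue_params = params[:continue]
    return nil unless continue_params

    continue_params = continue_params.permit(:to, :notice, :notice_now)
    to = continue_params[:to]
    # `permit` keeps only scalar values, but the String check is cheap
    # insurance against a non-String reaching the regex match.
    return unless to.is_a?(String) && to =~ LOCAL_PATH_PATTERN

    continue_params
  end
end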