Skip to content

Commit 5f7151d

Browse files
Potential fix for code scanning alert no. 3: Bad redirect check
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent a7f96a0 commit 5f7151d

1 file changed

Lines changed: 4 additions & 3 deletions

File tree

internal/api/auth_handlers.go

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -142,9 +142,10 @@ func (s *Server) renderLoginError(c echo.Context, username string, err string) e
142142
func (s *Server) handleLoginPost(c echo.Context) error {
143143
username := strings.TrimSpace(c.FormValue("username"))
144144
password := c.FormValue("password")
145-
next := c.QueryParam("next")
146-
if !strings.HasPrefix(next, "/") {
147-
next = "/" + next
145+
rawNext := c.QueryParam("next")
146+
next := "/"
147+
if strings.HasPrefix(rawNext, "/") && (len(rawNext) == 1 || (rawNext[1] != '/' && rawNext[1] != '\\')) {
148+
next = rawNext
148149
}
149150

150151
if s.breakGlass {

0 commit comments

Comments
 (0)