Escape provider name in oauth2 provider redirect (#12648)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
tokarchuk/v1.17
zeripath 4 years ago committed by GitHub
parent 9bc69ff26e
commit 58f57b3b6c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      modules/auth/oauth2/oauth2.go

@ -6,6 +6,7 @@ package oauth2
import (
"net/http"
"net/url"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
@ -119,7 +120,7 @@ func RemoveProvider(providerName string) {
// used to create different types of goth providers
func createProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL string, customURLMapping *CustomURLMapping) (goth.Provider, error) {
callbackURL := setting.AppURL + "user/oauth2/" + providerName + "/callback"
callbackURL := setting.AppURL + "user/oauth2/" + url.PathEscape(providerName) + "/callback"
var provider goth.Provider
var err error

Loading…
Cancel
Save