[PORT] drop utils.IsExternalURL (and expand IsRiskyRedirectURL tests) (#3167)

Related to #2773 Related to Refactor URL detection [gitea#29960](https://github.com/go-gitea/gitea/pull/29960) Related to Refactor external URL detection [gitea#29973](https://github.com/go-gitea/gitea/pull/29973) I added a bunch of tests to `httplib.TestIsRiskyRedirectURL` and some cases should be better handled (however it is not an easy task). I also ported the removal of `utils.IsExternalURL`, since it prevents duplicated (subtle) code. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3167 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-04-15 13:03:08 +00:00 · 2024-04-15 13:03:08 +00:00 · 16879b07d2
commit 16879b07d2
parent 20c0292b5c
6 changed files with 104 additions and 75 deletions
--- a/services/context/context_response.go
+++ b/services/context/context_response.go
@ -44,8 +44,10 @@ func RedirectToUser(ctx *Base, userName string, redirectUserID int64) {
 	ctx.Redirect(path.Join(setting.AppSubURL, redirectPath), http.StatusTemporaryRedirect)
 }

-// RedirectToFirst redirects to first not empty URL
-func (ctx *Context) RedirectToFirst(location ...string) {
+// RedirectToFirst redirects to first not empty URL which likely belongs to current site.
+// If no suitable redirection is found, it redirects to the home.
+// It returns the location it redirected to.
+func (ctx *Context) RedirectToFirst(location ...string) string {
 	for _, loc := range location {
 		if len(loc) == 0 {
 			continue
@ -56,10 +58,11 @@ func (ctx *Context) RedirectToFirst(location ...string) {
 		}

 		ctx.Redirect(loc)
-		return
+		return loc
 	}

 	ctx.Redirect(setting.AppSubURL + "/")
+	return setting.AppSubURL + "/"
 }

 const tplStatus500 base.TplName = "status/500"