Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not display the raw OpenID error in the UI #5705

Merged
merged 4 commits into from
Jan 12, 2019
Merged

Do not display the raw OpenID error in the UI #5705

merged 4 commits into from
Jan 12, 2019

Commits on Jan 11, 2019

  1. Do not display the raw OpenID error in the UI 

    If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix go-gitea#4973

Signed-off-by: Andrew Thornton <[email protected]>
    @zeripath
    zeripath committed Jan 11, 2019
    Configuration menu
    Copy the full SHA
    9749661 View commit details
    Browse the repository at this point in the history

Commits on Jan 12, 2019

  1. Update auth_openid.go 

    Place error log within the `err != nil` branch.
    @zeripath
    zeripath committed Jan 12, 2019
    Configuration menu
    Copy the full SHA
    6b08894 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' into issue-4793-ssrf-in-openid

    @techknowlogick
    techknowlogick committed Jan 12, 2019
    Configuration menu
    Copy the full SHA
    327f45e View commit details
    Browse the repository at this point in the history

  3. Merge branch 'master' into issue-4793-ssrf-in-openid

    @techknowlogick
    techknowlogick committed Jan 12, 2019
    Configuration menu
    Copy the full SHA
    4b76b48 View commit details
    Browse the repository at this point in the history