Add another allowed character for cookie redirects

author: Dan Fandrich <danf@mageia.org> 2025-05-23 19:13:54 -0700
committer: Dan Fandrich <danf@mageia.org> 2025-05-23 19:13:54 -0700
commit: a4e54d7342bdf640c59b370ad960b6f3fb8fef7f (patch)
tree: a340ef90d280d590e2a1003e39b7a7fb8f0c68cb /modules/viewvc
parent: e7818b9d1f8957ed4ae02f22b1e11e681bf45549 (diff)
download: puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar
puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar.gz
puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar.bz2
puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar.xz
puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/viewvc/files/setcookieredirect.html b/modules/viewvc/files/setcookieredirect.html
index d1b7ada4..04ec8e80 100644
--- a/modules/viewvc/files/setcookieredirect.html
+++ b/modules/viewvc/files/setcookieredirect.html
@@ -10,7 +10,7 @@
             });
             let url = params.to;
             // Sanitize redirect path to avoid malicious arbitrary redirects
-            if (/^\/[-_a-zA-Z0-9~.?&=/]*$/.test(url)) {
+            if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(url)) {
                 window.location.href = url;
             } else {
                 window.onload = function() {
author	Dan Fandrich <danf@mageia.org>	2025-05-23 19:13:54 -0700
committer	Dan Fandrich <danf@mageia.org>	2025-05-23 19:13:54 -0700
commit	a4e54d7342bdf640c59b370ad960b6f3fb8fef7f (patch)
tree	a340ef90d280d590e2a1003e39b7a7fb8f0c68cb /modules/viewvc
parent	e7818b9d1f8957ed4ae02f22b1e11e681bf45549 (diff)
download	puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar.gz puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar.bz2 puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.tar.xz puppet-a4e54d7342bdf640c59b370ad960b6f3fb8fef7f.zip