From a4e54d7342bdf640c59b370ad960b6f3fb8fef7f Mon Sep 17 00:00:00 2001
From: Dan Fandrich
Date: Fri, 23 May 2025 19:13:54 -0700
Subject: Add another allowed character for cookie redirects
---
 modules/viewvc/files/setcookieredirect.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/viewvc/files')
diff --git a/modules/viewvc/files/setcookieredirect.html b/modules/viewvc/files/setcookieredirect.html
index d1b7ada4..04ec8e80 100644
--- a/modules/viewvc/files/setcookieredirect.html
+++ b/modules/viewvc/files/setcookieredirect.html
@@ -10,7 +10,7 @@
 });
 let url = params.to;
 // Sanitize redirect path to avoid malicious arbitrary redirects
- if (/^\/[-_a-zA-Z0-9~.?&=/]*$/.test(url)) {
+ if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(url)) {
 window.location.href = url;
 } else {
 window.onload = function() {
--
cgit v1.2.1
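Review bot: The pattern on the added line still accepts a value that begins with two slashes, because `/` and `.` are both in the character class that follows the leading `\/`. Browsers resolve such a value as scheme-relative, so assigning it to `window.location.href` can navigate off the site, which is what the comment above the check says it prevents. Rejecting a second leading slash closes this, e.g. `if (/^\/(?!\/)[-a-zA-Z0-9~_.?&=/+]*$/.test(url)) {`. Alternatively, resolve the value with `new URL(url, window.location.origin)` and compare its `.origin` before navigating. The enclosing script block starts and ends outside the hunk, so whether `params.to` is constrained elsewhere is not visible here.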