| skipped 6 lines |
7 | 7 | | "html/template" |
8 | 8 | | "net/http" |
9 | 9 | | "net/url" |
| 10 | + | "strings" |
10 | 11 | | "time" |
11 | 12 | | |
12 | 13 | | "github.com/NYTimes/gziphandler" |
| skipped 283 lines |
296 | 297 | | next := "/" |
297 | 298 | | url, err := url.Parse(r.FormValue("next")) |
298 | 299 | | if err == nil { |
299 | | - | path := url.Path |
| 300 | + | path := url.EscapedPath() |
300 | 301 | | if path != "" { |
301 | | - | next = path |
| 302 | + | next = "/" + strings.TrimLeft(path, "/") |
302 | 303 | | } |
303 | 304 | | } |
304 | 305 | | http.Redirect(w, r, next, http.StatusFound) |
| skipped 190 lines |