| skipped 6 lines |
| 7 | 7 | | "html/template" |
| 8 | 8 | | "net/http" |
| 9 | 9 | | "net/url" |
| | 10 | + | "strings" |
| 10 | 11 | | "time" |
| 11 | 12 | | |
| 12 | 13 | | "github.com/NYTimes/gziphandler" |
| skipped 283 lines |
| 296 | 297 | | next := "/" |
| 297 | 298 | | url, err := url.Parse(r.FormValue("next")) |
| 298 | 299 | | if err == nil { |
| 299 | | - | path := url.Path |
| | 300 | + | path := url.EscapedPath() |
| 300 | 301 | | if path != "" { |
| 301 | | - | next = path |
| | 302 | + | next = "/" + strings.TrimLeft(path, "/") |
| 302 | 303 | | } |
| 303 | 304 | | } |
| 304 | 305 | | http.Redirect(w, r, next, http.StatusFound) |
| skipped 190 lines |
