From dfb96ed84bd7533abc411b148f0b27bf65321b3e Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg <zegerjan@gitlab.com>
Date: Mon, 7 Mar 2016 10:36:16 +0100
Subject: [PATCH] ContinueToParams -> ContinueParams

---
 CHANGELOG                                                     | 1 +
 .../concerns/{continue_to_params.rb => continue_params.rb}    | 4 ++--
 app/controllers/projects/forks_controller.rb                  | 2 +-
 app/controllers/projects/imports_controller.rb                | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
 rename app/controllers/concerns/{continue_to_params.rb => continue_params.rb} (69%)

diff --git a/CHANGELOG b/CHANGELOG
index d4554b96190..1929b6306db 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -45,6 +45,7 @@ v 8.5.3
   - Show commit message in JIRA mention comment
   - Makes issue page and merge request page usable on mobile browsers.
   - Improved UI for profile settings
+  - Continue parameters are checked to ensure redirection goes to the same instance
 
 v 8.5.2
   - Fix sidebar overlapping content when screen width was below 1200px
diff --git a/app/controllers/concerns/continue_to_params.rb b/app/controllers/concerns/continue_params.rb
similarity index 69%
rename from app/controllers/concerns/continue_to_params.rb
rename to app/controllers/concerns/continue_params.rb
index 8b6c7051968..2ff7250922d 100644
--- a/app/controllers/concerns/continue_to_params.rb
+++ b/app/controllers/concerns/continue_params.rb
@@ -1,4 +1,4 @@
-module ContinueToParams
+module ContinueParams
   extend ActiveSupport::Concern
 
   def continue_params
@@ -6,7 +6,7 @@ module ContinueToParams
     return nil unless continue_params
 
     continue_params       = continue_params.permit(:to, :notice, :notice_now)
-    continue_params[:to]  = root_url unless continue_params[:to].start_with?('/')
+    return unless continue_params[:to] && continue_params[:to].start_with?('/')
 
     continue_params
   end
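Review bot: The new guard on `continue_params[:to]` still accepts values that begin with `//`, which browsers resolve as a scheme-relative URL on another host, so it does not fully ensure that redirection stays on this instance, as the CHANGELOG entry claims. Reject that form as well, e.g. `return unless continue_params[:to] && continue_params[:to].start_with?('/') && !continue_params[:to].start_with?('//')`, or parse the value and require that it has no host component. The method now returns nil instead of falling back to `root_url`, so its callers, which are not visible in this hunk, presumably need to handle nil. A comment above the guard such as `# Only same-instance relative paths are allowed; anything else yields nil` would record that contract. The first lines of the method body lie outside this hunk.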
diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index c4884c13b12..a1b8632df98 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -1,5 +1,5 @@
 class Projects::ForksController < Projects::ApplicationController
-  include ContinueToParams
+  include ContinueParams
 
   # Authorize
   before_action :require_non_empty_project
diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index 3756fc9139c..7756f0f0ed3 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -1,5 +1,5 @@
 class Projects::ImportsController < Projects::ApplicationController
-  include ContinueToParams
+  include ContinueParams
 
   # Authorize
   before_action :authorize_admin_project!
-- 
GitLab