From 87f02d90cf4faef0e6789b29ecf4184595236b13 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Mon, 31 Aug 2020 00:55:19 +0200 Subject: [PATCH] Escape provider name in oauth2 provider redirect (#12650) Signed-off-by: Andrew Thornton Co-authored-by: Andrew Thornton --- modules/auth/oauth2/oauth2.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/auth/oauth2/oauth2.go b/modules/auth/oauth2/oauth2.go index 78be3954ed..2c982e1dca 100644 --- a/modules/auth/oauth2/oauth2.go +++ b/modules/auth/oauth2/oauth2.go @@ -6,6 +6,7 @@ package oauth2 import ( "net/http" + "net/url" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" @@ -119,7 +120,7 @@ func RemoveProvider(providerName string) { // used to create different types of goth providers func createProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL string, customURLMapping *CustomURLMapping) (goth.Provider, error) { - callbackURL := setting.AppURL + "user/oauth2/" + providerName + "/callback" + callbackURL := setting.AppURL + "user/oauth2/" + url.PathEscape(providerName) + "/callback" var provider goth.Provider var err error