Prevent redirect to Host (2)

Unhelpfully Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.

Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <[email protected]>

Author: zeripath

modules/context/context.go

@@ -17,6 +17,7 @@ import (
 	"net/http"
 	"net/url"
 	"path"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -174,13 +175,19 @@ func (ctx *Context) HasValue(name string) bool {
 	return ok
 }
 
+var precedingSlashesRE = regexp.MustCompile(`^/[\\/]+`)
+
 // RedirectToFirst redirects to first not empty URL
 func (ctx *Context) RedirectToFirst(location ...string) {
 	for _, loc := range location {
 		if len(loc) == 0 {
 			continue
 		}
 
+		if precedingSlashesRE.MatchString(loc) {
+			continue
+		}
+
 		u, err := url.Parse(loc)
 		if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
 			continue