1
1
mirror of https://github.com/go-gitea/gitea.git synced 2024-10-22 07:31:04 +02:00
gitea/routers/user
zeripath 2b36bdd490 Do not display the raw OpenID error in the UI (#5705)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-12 14:24:47 -05:00
..
setting Allow for user specific themes (#5668) 2019-01-09 12:22:57 -05:00
auth_openid.go Do not display the raw OpenID error in the UI (#5705) 2019-01-12 14:24:47 -05:00
auth.go Block registration based on email domain (#5157) 2018-11-14 20:00:04 -05:00
home_test.go
home.go Improve performance of dashboard (#4977) 2018-12-13 10:55:43 -05:00
main_test.go
notification.go
profile.go User action heatmap (#5131) 2018-10-23 10:57:42 +08:00