From c5144793aec396dce9768ce0e7540c2749cb3d42 Mon Sep 17 00:00:00 2001
From: Quang Vo <37280106+mr-r3bot@users.noreply.github.com>
Date: Thu, 8 Jun 2023 15:47:53 +0700
Subject: [PATCH] Fix open redirect

Should check for `/\\` case
---
modules/context/context_response.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/context/context_response.go b/modules/context/context_response.go
index aeeb51ba377f2..7e2779b3f5a4c 100644
--- a/modules/context/context_response.go
+++ b/modules/context/context_response.go
@@ -51,7 +51,7 @@ func (ctx *Context) RedirectToFirst(location ...string) {
 // Unfortunately browsers consider a redirect Location with preceding "//" and "/\" as meaning redirect to "http(s)://REST_OF_PATH"
 // Therefore we should ignore these redirect locations to prevent open redirects
- if len(loc) > 1 && loc[0] == '/' && (loc[1] == '/' || loc[1] == '\\') {
+ if len(loc) > 1 && (loc[0] == '/' && loc[0] == '\\') && (loc[1] == '/' || loc[1] == '\\') {
 continue
 }
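Review bot: The new condition `(loc[0] == '/' && loc[0] == '\\')` on the added line can never be true, because a single byte cannot equal both characters, so the guard that skips protocol-relative locations is now dead code and every `//` or `/\` location falls through to the redirect — the patch removes the open-redirect protection it set out to extend rather than widening it. The operator inside the first group should be `||`: `if len(loc) > 1 && (loc[0] == '/' || loc[0] == '\\') && (loc[1] == '/' || loc[1] == '\\') {`. The comment two lines above still only names the `//` and `/\` prefixes; it should be extended to list the backslash-leading forms the new check is meant to cover, and a unit test with a `\\` and a `\/` location would have caught the always-false expression. The body of RedirectToFirst continues outside the hunk.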