From 02e990a89bcb1e55ea4b71f51cc5c24bfe11f885 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Sat, 8 Aug 2020 23:39:40 +0100
Subject: [PATCH] Prevent redirect back to /user/events (#12462)

This PR prevents 2 further ways of causing the redirect cookie to be set
to redirect back to /user/events

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 modules/context/auth.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/modules/context/auth.go b/modules/context/auth.go
index 86922aae5..14dfab734 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -84,8 +84,9 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 					})
 					return
 				}
-
-				ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+				if ctx.Req.URL.Path != "/user/events" {
+					ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+				}
 				ctx.Redirect(setting.AppSubURL + "/user/login")
 				return
 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
@@ -120,7 +121,9 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 		// Redirect to log in page if auto-signin info is provided and has not signed in.
 		if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) &&
 			len(ctx.GetCookie(setting.CookieUserName)) > 0 {
-			ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+			if ctx.Req.URL.Path != "/user/events" {
+				ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+			}
 			ctx.Redirect(setting.AppSubURL + "/user/login")
 			return
 		}