From 523ac4a9a03bfd23cf76e199c89c2319635fcee6 Mon Sep 17 00:00:00 2001
From: axdg <axgimenez@gmail.com>
Date: Thu, 23 Jul 2015 02:44:52 +1000
Subject: [PATCH] Handle invalid status code in Context.Redirect

Signed-off-by: Vishal Rana <vr@labstack.com>
---
 context.go | 6 +++++-
 echo.go    | 8 ++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/context.go b/context.go
index 35949363..f36daa43 100644
--- a/context.go
+++ b/context.go
@@ -7,8 +7,9 @@ import (
 
 	"fmt"
 
-	"golang.org/x/net/websocket"
 	"net/url"
+
+	"golang.org/x/net/websocket"
 )
 
 type (
@@ -171,6 +172,9 @@ func (c *Context) NoContent(code int) error {
 
 // Redirect redirects the request using http.Redirect with status code.
 func (c *Context) Redirect(code int, url string) error {
+	if code < http.StatusMultipleChoices || code > http.StatusTemporaryRedirect {
+		return InvalidRedirectCode
+	}
 	http.Redirect(c.response, c.request, url, code)
 	return nil
 }
diff --git a/echo.go b/echo.go
index b64b65f7..eef05b09 100644
--- a/echo.go
+++ b/echo.go
@@ -153,7 +153,7 @@ var (
 
 	UnsupportedMediaType  = errors.New("echo ⇒ unsupported media type")
 	RendererNotRegistered = errors.New("echo ⇒ renderer not registered")
-
+	InvalidRedirectCode   = errors.New("echo ⇒ invalid redirect status code")
 	//----------------
 	// Error handlers
 	//----------------
@@ -196,15 +196,15 @@ func New() (e *Echo) {
 		http.Error(c.response, msg, code)
 	}
 	e.SetHTTPErrorHandler(e.defaultHTTPErrorHandler)
-	e.SetBinder(func(r *http.Request, v interface{}) error {
+	e.SetBinder(func(r *http.Request, v interface{}) (err error) {
 		ct := r.Header.Get(ContentType)
-		err := UnsupportedMediaType
+		err = UnsupportedMediaType
 		if strings.HasPrefix(ct, ApplicationJSON) {
 			err = json.NewDecoder(r.Body).Decode(v)
 		} else if strings.HasPrefix(ct, ApplicationXML) {
 			err = xml.NewDecoder(r.Body).Decode(v)
 		}
-		return err
+		return
 	})
 	return
 }