From 17c37b7e8dc2f4b631722dc567ebc1fa5c8b70e1 Mon Sep 17 00:00:00 2001
From: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 19 Apr 2017 18:30:13 +0000
Subject: [PATCH] Corrects a default HTTP redirect rule: A redirect should not
 be carried out if credentials are embedded in the URL. Fixes #826

---
 nselib/http.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nselib/http.lua b/nselib/http.lua
index be7ecc2c3..793d80013 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1479,7 +1479,7 @@ local redirect_ok_rules = {
   -- Check if there's any credentials in the url
   function (url, host, port)
     -- bail if userinfo is present
-    return ( url.userinfo and false ) or true
+    return not url.userinfo
   end,
 
   -- Check if the location is within the domain or host