Skip to content
This repository has been archived by the owner on Dec 22, 2023. It is now read-only.

Don't allow URLs that contain non-normalized paths to be verified (#2… #2

Merged
merged 1 commit into from
Nov 20, 2022
Merged

Don't allow URLs that contain non-normalized paths to be verified (#2… #2

merged 1 commit into from
Nov 20, 2022

Conversation

Corpi-42
Copy link
Owner

…0999)

  • Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where "/otheruser" appears to be the verified URL, but the actual URL being verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now that since mastodon#20304 https is required.

  • missing do

@dgl
Don't allow URLs that contain non-normalized paths to be verified (#2…
69378ea 
…0999)

* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.

* missing do
@Corpi-42 Corpi-42 merged commit 4f3b39d into Corpi-42:rawr-changes Nov 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@Corpi-42 @dgl