fix open redirect
Uzay-G committed Feb 24, 2022
1 parent fa389e7 commit 2d8cb29
Showing 2 changed files with 16 additions and 3 deletions.
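--- a/archivy/helpers.py
+++ b/archivy/helpers.py
@@ -5,8 +5,9 @@
 import elasticsearch
 import yaml
 from elasticsearch import Elasticsearch
-from flask import current_app, g
+from flask import current_app, g, request
 from tinydb import TinyDB, Query, operations
+from urllib.parse import urlparse, urljoin
 
 from archivy.config import BaseHooks, Config
 
@@ -230,3 +231,12 @@ def create_plugin_dir(name):
 return True
 except FileExistsError:
 return False
+
+
+def is_safe_redirect_url(target):
+host_url = urlparse(request.host_url)
+redirect_url = urlparse(urljoin(request.host_url, target))
+return (
+redirect_url.scheme in ("http", "https")
+and host_url.netloc == redirect_url.netloc
+)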
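Review bot: The netloc comparison in `is_safe_redirect_url` is made on the URL as `urljoin`/`urlparse` resolve it, but browsers resolve a `Location` header with backslashes treated as forward slashes, so a target that the parser keeps on the local netloc can still be followed off-site; normalising before resolving closes that gap, `redirect_url = urlparse(urljoin(request.host_url, target.replace("\\", "/")))`, which is the same step Django's `url_has_allowed_host_and_scheme` takes. Note too that `request.host_url` is derived from the incoming request's host, so the check is only as strict as the `Host` values the deployment accepts — worth a short comment on the `host_url` line. The function has no docstring; a one-liner such as `"""Return True if *target* resolves to an http(s) URL on this app's own host (same netloc, port included)."""` would state the contract for callers in routes.py.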
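--- a/archivy/routes.py
+++ b/archivy/routes.py
@@ -19,7 +19,7 @@
 
 from archivy.models import DataObj, User
 from archivy import data, app, forms, csrf
-from archivy.helpers import get_db, write_config
+from archivy.helpers import get_db, write_config, is_safe_redirect_url
 from archivy.tags import get_all_tags
 from archivy.search import search, search_frontmatter_tags
 from archivy.config import Config
@@ -264,7 +264,10 @@ def login():
 flash("Login successful!", "success")
 
 next_url = request.args.get("next")
-return redirect(next_url or "/")
+if next_url and is_safe_redirect_url(next_url):
+return redirect(next_url)
+else:
+return redirect("/")
 
 flash("Invalid credentials", "error")
 return redirect("/login")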
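Review bot: The `else:` after a `return` in the new branch of `login()` is redundant, and the two-way choice reads more directly as one expression, `return redirect(next_url if next_url and is_safe_redirect_url(next_url) else "/")`. A rejected `next` value is currently dropped without trace; logging it at warning level on the fallback path would make such attempts visible in the application log, which is the only place a defender would otherwise notice them. `login()` starts and ends outside the hunk.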