One of the default HTTP redirect checks, located here, is presumably to prevent a redirect if credentials are embedded in the URL:
-- Check if there's any credentials in the urlfunction (url, host, port)
-- bail if userinfo is presentreturn ( url.userinfoandfalse ) ortrueend,
The return expression is patently broken as it always returns true:
$ lua
Lua 5.3.4 Copyright (C) 1994-2017 Lua.org, PUC-Rio
> url={userinfo="whatever"}
> print((url.userinfo and false) or true)
true
> url.userinfo=nil
> print((url.userinfo and false) or true)
true
The following patch resolves the issue:
--- a/nselib/http.lua+++ b/nselib/http.lua@@ -1479,7 +1479,7 @@
-- Check if there's any credentials in the url
function (url, host, port)
-- bail if userinfo is present
- return ( url.userinfo and false ) or true+ return not url.userinfo
end,
-- Check if the location is within the domain or host
Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.
The text was updated successfully, but these errors were encountered:
One of the default HTTP redirect checks, located here, is presumably to prevent a redirect if credentials are embedded in the URL:
The return expression is patently broken as it always returns true:
The following patch resolves the issue:
Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.
The text was updated successfully, but these errors were encountered: