0001-utils-verify-next_url-without-encoding-it.patch

Paul Marillonnet, 30 octobre 2019 15:58


Subject: [PATCH] utils: verify next_url without encoding it

 src/authentic2/utils/__init__.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
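--- a/src/authentic2/utils/__init__.py
+++ b/src/authentic2/utils/__init__.py
@@ -940,17 +940,21 @@
     return False
 
 
+def is_ascii(something):
+    try:
+        something.encode('ascii')
+        return True
+    except UnicodeEncodeError:
+        return False
+
+
 def get_next_url(params, field_name=None):
-    field_name = field_name or REDIRECT_FIELD_NAME
     '''Extract and decode a next_url field'''
+    field_name = field_name or REDIRECT_FIELD_NAME
     next_url = params.get(field_name)
     if not next_url:
         return None
-    try:
-        next_url = next_url.encode('ascii')
-    except UnicodeEncodeError:
-        return None
-    if not is_valid_url(next_url):
+    if not is_ascii(next_url) or not is_valid_url(next_url):
         return None
     return next_url
 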
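Review bot: The added `is_ascii` catches only `UnicodeEncodeError`, so a request-supplied value that is not a text string can still raise out of `get_next_url` instead of yielding `None`. On Python 2, a byte string holding non-ASCII bytes makes `.encode('ascii')` raise `UnicodeDecodeError`. Catching the common parent with `except UnicodeError:` covers both cases, though whether `params` can carry byte strings is not visible in this hunk. The helper has no docstring, and the `get_next_url` docstring still says "decode" although the value is now returned unmodified; `'''Return the next_url field if it is ASCII-only and passes is_valid_url, else None'''` would match the new behaviour. Because the value is no longer encoded, the safety of the returned redirect target rests on `is_valid_url`, which is defined outside this hunk.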

  
957
-