0001-utils-verify-next_url-without-encoding-it.patch
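--- a/src/authentic2/utils/__init__.py
+++ b/src/authentic2/utils/__init__.py
@@ -940,17 +940,21 @@
 return False
 
 
+def is_ascii(something):
+try:
+something.encode('ascii')
+return True
+except UnicodeEncodeError:
+return False
+
+
 def get_next_url(params, field_name=None):
-field_name = field_name or REDIRECT_FIELD_NAME
 '''Extract and decode a next_url field'''
+field_name = field_name or REDIRECT_FIELD_NAME
 next_url = params.get(field_name)
 if not next_url:
 return None
-try:
-next_url = next_url.encode('ascii')
-except UnicodeEncodeError:
-return None
-if not is_valid_url(next_url):
+if not is_ascii(next_url) or not is_valid_url(next_url):
 return None
 return next_url
 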
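Review bot: `is_ascii` catches only `UnicodeEncodeError`, so any other failure of `something.encode('ascii')` propagates out of `get_next_url` instead of ending in the `return None` rejection path. On Python 2 a byte string containing non-ASCII bytes is implicitly decoded first and raises `UnicodeDecodeError`, and a value without an `encode` method raises `AttributeError`; `next_url` appears to come from request parameters, so the check should fail closed, e.g. `except (UnicodeError, AttributeError): return False`. An ASCII-only test also still admits control characters such as CR and LF, so rejecting those depends on `is_valid_url`, which is not visible in this hunk and is worth confirming. A one-line docstring on `is_ascii` stating that it returns False rather than raising would document that contract.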
957 |
- |