Better error handling on next parameter

This commit is contained in:
Ozzie Isaacs 2024-02-12 20:58:26 +01:00
parent 2bfb02c448
commit 0180b4b6b5
3 changed files with 583 additions and 741 deletions

17
cps/redirect.py Normal file → Executable file
View file

@ -29,7 +29,7 @@
from urllib.parse import urlparse, urljoin
from flask import request, url_for, redirect
from flask import request, url_for, redirect, current_app
def is_safe_url(target):
@ -38,16 +38,15 @@ def is_safe_url(target):
return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
def get_redirect_target():
for target in request.values.get('next'), request.referrer:
if not target:
continue
if is_safe_url(target):
return target
def remove_prefix(text, prefix):
if text.startswith(prefix):
return text[len(prefix):]
return ""
def redirect_back(endpoint, **values):
target = request.form['next']
if not target or not is_safe_url(target):
target = request.form.get('next', None) or url_for(endpoint, **values)
adapter = current_app.url_map.bind(urlparse(request.host_url).netloc)
if not len(adapter.allowed_methods(remove_prefix(target, request.environ.get('HTTP_X_SCRIPT_NAME',"")))):
target = url_for(endpoint, **values)
return redirect(target)

View file

@ -1322,7 +1322,7 @@ def handle_login_user(user, remember, message, category):
ub.store_user_session()
flash(message, category=category)
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
return redirect_back(url_for("web.index"))
return redirect_back("web.index")
def render_login(username="", password=""):

File diff suppressed because it is too large Load diff