added url check
This commit is contained in:
@@ -41,6 +41,7 @@ from .utils import (
|
||||
get_course,
|
||||
token_required,
|
||||
get_cached_deck_info,
|
||||
is_safe_url
|
||||
)
|
||||
|
||||
|
||||
@@ -131,6 +132,10 @@ def set_cookie(token):
|
||||
current_app.logger.debug("next_url not present redirecting to index")
|
||||
next_url = url_for("main.index")
|
||||
|
||||
if not is_safe_url(next_url):
|
||||
current_app.logger.warning(f"Blocked unsafe redirect attempt to: {next_url}")
|
||||
return abort(400)
|
||||
|
||||
resp = make_response(redirect(next_url))
|
||||
resp.set_cookie(
|
||||
"access_token", serialize_token(token), httponly=True, samesite="Lax", path="/"
|
||||
@@ -260,6 +265,10 @@ def admin_login():
|
||||
|
||||
next_page = request.args.get("next")
|
||||
|
||||
if next_page and not is_safe_url(next_page):
|
||||
current_app.logger.warning(f"Blocked unsafe redirect attempt to: {next_page}")
|
||||
return abort(400)
|
||||
|
||||
if next_page:
|
||||
session["next_url"] = next_page
|
||||
|
||||
|
||||
Reference in New Issue
Block a user