calibre-web/cps/redirect.py

# http://flask.pocoo.org/snippets/62/

from urlparse import urlparse, urljoin
from flask import request, url_for, redirect


def is_safe_url(target):
    ref_url = urlparse(request.host_url)
    test_url = urlparse(urljoin(request.host_url, target))
    return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc


def get_redirect_target():
    for target in request.values.get('next'), request.referrer:
        if not target:
            continue
        if is_safe_url(target):
            return target


def redirect_back(endpoint, **values):
    target = request.form['next']
    if not target or not is_safe_url(target):
        target = url_for(endpoint, **values)
    return redirect(target)
Add "magic link" functionality When using a device that is bothersome to log in on (e.g. a Kindle) you can use a magic link to log in via another device. Configuration was added and is disabled by default. 2017-07-08 01:18:03 +00:00			`# http://flask.pocoo.org/snippets/62/`

			`from urlparse import urlparse, urljoin`
			`from flask import request, url_for, redirect`


			`def is_safe_url(target):`
			`ref_url = urlparse(request.host_url)`
			`test_url = urlparse(urljoin(request.host_url, target))`
			`return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc`


			`def get_redirect_target():`
			`for target in request.values.get('next'), request.referrer:`
			`if not target:`
			`continue`
			`if is_safe_url(target):`
			`return target`


			`def redirect_back(endpoint, **values):`
			`target = request.form['next']`
			`if not target or not is_safe_url(target):`
			`target = url_for(endpoint, **values)`
			`return redirect(target)`