
Better error handling on next parameter

This commit is contained in:
Ozzie Isaacs 2024-02-12 20:58:26 +01:00
parent 2bfb02c448
commit 0180b4b6b5
3 changed files with 583 additions and 741 deletions

17
cps/redirect.py Normal file → Executable file

@ -29,7 +29,7 @@
from urllib.parse import urlparse, urljoin from urllib.parse import urlparse, urljoin
from flask import request, url_for, redirect from flask import request, url_for, redirect, current_app
def is_safe_url(target): def is_safe_url(target):
@ -38,16 +38,15 @@ def is_safe_url(target):
return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
def get_redirect_target(): def remove_prefix(text, prefix):
for target in request.values.get('next'), request.referrer: if text.startswith(prefix):
if not target: return text[len(prefix):]
continue return ""
if is_safe_url(target):
return target
def redirect_back(endpoint, **values): def redirect_back(endpoint, **values):
target = request.form['next'] target = request.form.get('next', None) or url_for(endpoint, **values)
if not target or not is_safe_url(target): adapter = current_app.url_map.bind(urlparse(request.host_url).netloc)
if not len(adapter.allowed_methods(remove_prefix(target, request.environ.get('HTTP_X_SCRIPT_NAME',"")))):
target = url_for(endpoint, **values) target = url_for(endpoint, **values)
return redirect(target) return redirect(target)
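Review bot: The new redirect_back no longer calls is_safe_url (still defined earlier in this file), and the route lookup that replaces it only decides whether the path part of `next` maps to a URL rule; it does not by itself establish that the submitted value points at this host, so an open-redirect guard has been swapped for a "does this path exist" check. A second gap is in remove_prefix: when HTTP_X_SCRIPT_NAME is set and `next` lacks that prefix it returns `""`, so the verdict then depends on what allowed_methods does with an empty path rather than on the value the user sent. I would keep both checks on the condition line: `if not is_safe_url(target) or not adapter.allowed_methods(remove_prefix(target, request.environ.get('HTTP_X_SCRIPT_NAME', ""))):` (the `len(...)` wrapper is redundant, an empty list is already falsy). A one-line docstring on remove_prefix saying that a non-matching prefix yields `""` rather than the unchanged text, unlike `str.removeprefix`, would spare the next reader that surprise.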


@ -1322,7 +1322,7 @@ def handle_login_user(user, remember, message, category):
ub.store_user_session() ub.store_user_session()
flash(message, category=category) flash(message, category=category)
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits] [limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
return redirect_back(url_for("web.index")) return redirect_back("web.index")
def render_login(username="", password=""): def render_login(username="", password=""):
