Prevent open redirects when a malformed URL is passed to ?next=

Example: "/login?next=http:///google.com" (note 3rd slash)
This commit is contained in:
Nick Greenfield
2014-09-26 11:08:58 -07:00
parent 76ad77a233
commit 8b036f2a3e
2 changed files with 7 additions and 1 deletions
+1 -1
View File
@@ -212,7 +212,7 @@ def validate_redirect_url(url):
return False
url_next = urlsplit(url)
url_base = urlsplit(request.host_url)
if url_next.netloc and url_next.netloc != url_base.netloc:
if url_next.scheme and url_next.netloc != url_base.netloc:
return False
return True
+6
View File
@@ -40,6 +40,12 @@ def test_authenticate_with_invalid_next(client, get_message):
assert get_message('INVALID_REDIRECT') in response.data
def test_authenticate_with_invalid_malformed_next(client, get_message):
data = dict(email='matt@lp.com', password='password')
response = client.post('/login?next=http:///google.com', data=data)
assert get_message('INVALID_REDIRECT') in response.data
def test_authenticate_case_insensitive_email(app, client):
response = authenticate(client, 'MATT@lp.com', follow_redirects=True)
assert b'Hello matt@lp.com' in response.data