Files
@ 38d1c99cd000
Branch filter:
Location: kallithea/tox.ini
38d1c99cd000
212 B
text/x-ini
login: enhance came_from validation
Drop urlparse and just validate that came_from is a RFC 3986 compliant path.
This blocks an HTTP header injection vulnerability discovered by
Gjoko Krstic <gjoko@zeroscience.mk> of Zero Science Lab (CVE-2015-5285)
Drop urlparse and just validate that came_from is a RFC 3986 compliant path.
This blocks an HTTP header injection vulnerability discovered by
Gjoko Krstic <gjoko@zeroscience.mk> of Zero Science Lab (CVE-2015-5285)