Merge pull request #2210 from timnyborg/patch-5

prevent open redirects with no protocol specified
mdipierro
2019-05-25 00:21:20 -07:00
committed by GitHub
+1 -1
@@ -1754,7 +1754,7 @@ class Auth(AuthAPI):
# _next variable in the request.
if next:
parts = next.split('/')
if ':' not in parts[0]:
if ':' not in parts[0] and parts[:2] != ['', '']:
return next
elif len(parts) > 2 and parts[0].endswith(':') and parts[1:3] == ['', host]:
return next
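Review bot: The new guard on the `if ':' not in parts[0] and parts[:2] != ['', '']:` line recognises a protocol-relative target only when it is written with two forward slashes, so a value that uses a backslash in place of a slash, or that carries leading whitespace, still reaches the first `return next`; browsers generally resolve those forms the same way as `//host`. I would build `parts` from a normalised copy while still returning the original value, e.g. `parts = next.strip().replace('\\', '/').split('/')`, or parse the value with the standard URL parser and compare its network location with `host`. A short comment above the condition, such as `# reject protocol-relative URLs (//host/...), which leave this site`, would record why the second test exists, and regression tests for the accepted and rejected forms would pin the behaviour. The enclosing method begins and ends outside the hunk, so how `host` is derived is not visible here.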