Issue 22663: fix redirect vulnerability in urllib/urllib2.
This commit is contained in:
parent
ce5d0e22fc
commit
60a4a90c8d
|
@ -638,10 +638,19 @@ class FancyURLopener(URLopener):
|
|||
newurl = headers['uri']
|
||||
else:
|
||||
return
|
||||
void = fp.read()
|
||||
fp.close()
|
||||
|
||||
# In case the server sent a relative URL, join with original:
|
||||
newurl = basejoin(self.type + ":" + url, newurl)
|
||||
|
||||
# For security reasons we do not allow redirects to protocols
|
||||
# other than HTTP or HTTPS.
|
||||
newurl_lower = newurl.lower()
|
||||
if not (newurl_lower.startswith('http://') or
|
||||
newurl_lower.startswith('https://')):
|
||||
return
|
||||
|
||||
void = fp.read()
|
||||
fp.close()
|
||||
return self.open(newurl)
|
||||
|
||||
def http_error_301(self, url, fp, errcode, errmsg, headers, data=None):
|
||||
|
|
|
@ -555,6 +555,13 @@ class HTTPRedirectHandler(BaseHandler):
|
|||
return
|
||||
newurl = urlparse.urljoin(req.get_full_url(), newurl)
|
||||
|
||||
# For security reasons we do not allow redirects to protocols
|
||||
# other than HTTP or HTTPS.
|
||||
newurl_lower = newurl.lower()
|
||||
if not (newurl_lower.startswith('http://') or
|
||||
newurl_lower.startswith('https://')):
|
||||
return
|
||||
|
||||
# XXX Probably want to forget about the state of the current
|
||||
# request, although that might interact poorly with other
|
||||
# handlers that also use handler-specific request attributes
|
||||
|
|
Loading…
Reference in New Issue