Commit 8b036f2a authored by Nick Greenfield's avatar Nick Greenfield

Prevent open redirects when a malformed URL is passed to ?next=

Example: "/login?next=http:///google.com" (note 3rd slash)
parent 76ad77a2
......@@ -212,7 +212,7 @@ def validate_redirect_url(url):
return False
url_next = urlsplit(url)
url_base = urlsplit(request.host_url)
if url_next.netloc and url_next.netloc != url_base.netloc:
if url_next.scheme and url_next.netloc != url_base.netloc:
return False
return True
......
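Review bot: The new condition on the `url_next.scheme` line fires only when a scheme is present, so a scheme-less, protocol-relative target such as `//evil.example` (urlsplit yields an empty scheme with netloc `evil.example`) is now accepted even though the removed `url_next.netloc` test used to reject it, unless a guard above the hunk already handles that form. Keeping both triggers covers the triple-slash case this commit targets as well as the protocol-relative one: `if (url_next.netloc or url_next.scheme) and url_next.netloc != url_base.netloc:`. validate_redirect_url begins above the hunk, and the `return False` at the top of the context belongs to a check I cannot see. A comment such as `# Any absolute or protocol-relative URL must point at our own host` above the condition would record the intent for the next reader.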
......@@ -40,6 +40,12 @@ def test_authenticate_with_invalid_next(client, get_message):
assert get_message('INVALID_REDIRECT') in response.data
def test_authenticate_with_invalid_malformed_next(client, get_message):
data = dict(email='matt@lp.com', password='password')
response = client.post('/login?next=http:///google.com', data=data)
assert get_message('INVALID_REDIRECT') in response.data
def test_authenticate_case_insensitive_email(app, client):
response = authenticate(client, 'MATT@lp.com', follow_redirects=True)
assert b'Hello matt@lp.com' in response.data
......
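Review bot: The added test pins only the triple-slash case; with the validator now keyed on `url_next.scheme`, nothing in this file checks that a protocol-relative `//host` target is still rejected, which is the form the previous `netloc` check covered. I would add a sibling of test_authenticate_with_invalid_malformed_next that posts to `'/login?next=//google.com'` and asserts the same INVALID_REDIRECT message, so a regression in that branch is caught. The existing tests appear to rely on a message-substring match; additionally asserting that the response is not a redirect to the foreign host would make the check more direct.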