Commit 8b036f2a authored by Nick Greenfield's avatar Nick Greenfield

Prevent open redirects when a malformed URL is passed to ?next=

Example: "/login?next=http:///" (note 3rd slash)
parent 76ad77a2
......@@ -212,7 +212,7 @@ def validate_redirect_url(url):
return False
url_next = urlsplit(url)
url_base = urlsplit(request.host_url)
if url_next.netloc and url_next.netloc != url_base.netloc:
if url_next.scheme and url_next.netloc != url_base.netloc:
return False
return True
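Review bot: The rewritten condition (`if url_next.scheme and url_next.netloc != url_base.netloc:`) drops the case the removed line handled: a scheme-less, protocol-relative value such as `//other-host/path` is split by urlsplit into an empty scheme and a foreign netloc, so the new check is skipped and the function returns True. Keeping both triggers covers the malformed `http:///` case this commit targets as well as the scheme-less one: `if (url_next.scheme or url_next.netloc) and url_next.netloc != url_base.netloc:`. The body of validate_redirect_url begins before this hunk, so an earlier guard may already reject scheme-less netlocs; if it does, a one-line comment here naming that guard would spare the next reader the same worry. The added test in the second hunk exercises only `http:///`; a sibling case with a `//host` value would pin whichever behaviour is intended.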
......@@ -40,6 +40,12 @@ def test_authenticate_with_invalid_next(client, get_message):
assert get_message('INVALID_REDIRECT') in
def test_authenticate_with_invalid_malformed_next(client, get_message):
data = dict(email='', password='password')
response ='/login?next=http:///', data=data)
assert get_message('INVALID_REDIRECT') in
def test_authenticate_case_insensitive_email(app, client):
response = authenticate(client, '', follow_redirects=True)
assert b'Hello' in