Fix code scanning alert no. 99: URL redirection from remote source

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
DogukanUrker · Dec 17, 2024 · 559678f · 559678f
1 parent 128dcdd
commit 559678f
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/routes/editPost.py b/routes/editPost.py
@@ -21,6 +21,7 @@
     RECAPTCHA_SECRET_KEY,  # Recaptcha secret key
     generateurlID,  # urlID generator from post title
 )
+import re
 
 # Create a blueprint for the edit post route
 editPostBlueprint = Blueprint("editPost", __name__)
@@ -322,4 +323,7 @@ def editPost(urlID):
                 category="error",
                 language=session["language"],
             )  # Display a flash message
-            return redirect(f"/login/redirect=&editpost&{urlID}")
+            if re.match(r'^[a-zA-Z0-9\-]+$', urlID):
+                return redirect(f"/login/redirect=&editpost&{urlID}")
+            else:
+                return redirect('/login')