"URL redirection from remote source" security issue fixed
DogukanUrker committed Jan 17, 2024
1 parent 3fa5fdc commit ebfcf22
Showing 4 changed files with 24 additions and 6 deletions.
1 change: 1 addition & 0 deletions helpers.py
Expand Up @@ -27,6 +27,7 @@
from flask import (
Flask,
flash,
url_for,
request,
session,
redirect,
8 changes: 7 additions & 1 deletion routes/dashboard.py
@@ -1,5 +1,6 @@
from helpers import (
flash,
url_for,
request,
session,
sqlite3,
Expand Down Expand Up @@ -38,7 +39,12 @@ def dashboard(userName):
if "postDeleteButton" in request.form:
postID = request.form["postID"]
deletePost(postID)
return redirect(f"/dashboard/{userName}")
return (
redirect(
url_for("dashboard.dashboard", userName=userName)
),
301,
)
comments = cursor.fetchall()
if posts:
showPosts = True
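Review bot: The `301` added to the post-delete redirect is the wrong status for a response to a POST: 301 tells the client the requested URL has moved permanently and may be cached, whereas the intent here is post/redirect/get, which is `303 See Other` (or Flask's default 302), so the tuple should end `return redirect(url_for("dashboard.dashboard", userName=userName)), 303`. The hunk also shows `deletePost(postID)` being called with a form-supplied ID and no visible check that the session user is logged in or owns that post; if that check lives above the hunk this is moot, otherwise anyone who can submit the form can delete arbitrary posts. The enclosing `dashboard(userName)` starts above the hunk and its body continues below it.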
16 changes: 13 additions & 3 deletions routes/login.py
@@ -1,5 +1,6 @@
from helpers import (
flash,
url_for,
session,
request,
sqlite3,
Expand All @@ -25,7 +26,10 @@ def login(direct):
match "userName" in session:
case True:
message("1", f'USER: "{session["userName"]}" ALREADY LOGGED IN')
return redirect(direct)
return (
redirect(direct),
301,
)
case False:
form = loginForm(request.form)
if request.method == "POST":
Expand All @@ -48,10 +52,16 @@ def login(direct):
addPoints(1, session["userName"])
message("2", f'USER: "{user[1]}" LOGGED IN')
flash(f"Welcome {user[1]}", "success")
return redirect(direct)
return (
redirect(direct),
301,
)
else:
message("1", "WRONG PASSWORD")
flash("wrong password", "error")
return render_template("login.html", form=form, hideLogin=True)
case False:
return redirect(direct)
return (
redirect(direct),
301,
)
5 changes: 3 additions & 2 deletions routes/post.py
Expand Up @@ -4,6 +4,7 @@
sqlite3,
request,
message,
url_for,
redirect,
addPoints,
Blueprint,
Expand Down Expand Up @@ -47,7 +48,7 @@ def post(postID):
return redirect(f"/")
elif "commentDeleteButton" in request.form:
deleteComment(request.form["commentID"])
return redirect(f"/post/{postID}")
return redirect(url_for("post.post", postID=postID)), 301
else:
comment = request.form["comment"]
connection = sqlite3.connect(DB_COMMENTS_ROOT)
Expand All @@ -70,7 +71,7 @@ def post(postID):
)
addPoints(5, session["userName"])
flash("You earned 5 points by commenting ", "success")
return redirect(f"/post/{postID}")
return redirect(url_for("post.post", postID=postID)), 301
connection = sqlite3.connect(DB_COMMENTS_ROOT)
cursor = connection.cursor()
cursor.execute(
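Review bot: Both rewritten returns answer a POST (comment delete, comment add) with `301`, which marks the redirect as permanent and cacheable; the post/redirect/get pattern wants `303`, so both lines should read `return redirect(url_for("post.post", postID=postID)), 303`. Note also that `deleteComment(request.form["commentID"])` runs with no ownership or login check visible in the hunk, so unless that check sits above it, any caller can delete any comment by ID; please confirm where it is enforced. The enclosing `post(postID)` starts above the first hunk and continues past the second.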
