Fix code scanning alert no. 98: URL redirection from remote source

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
DogukanUrker · Dec 17, 2024 · f9db932 · f9db932
1 parent 683fb41
commit f9db932
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/routes/editPost.py b/routes/editPost.py
@@ -22,10 +22,15 @@
     generateurlID,  # urlID generator from post title
 )
 import re
+from urllib.parse import urlparse
 
 # Create a blueprint for the edit post route
 editPostBlueprint = Blueprint("editPost", __name__)
 
+VALID_URL_IDS = ["validUrlId1", "validUrlId2", "validUrlId3"]  # Example list of valid urlIDs
+
+def is_valid_url_id(url_id):
+    return url_id in VALID_URL_IDS
 
 # Define a route for editing a post
 @editPostBlueprint.route("/editpost/<urlID>", methods=["GET", "POST"])
@@ -286,7 +291,10 @@ def editPost(urlID):
                                                         category="success",
                                                         language=session["language"],
                                                     )  # Display a flash message
-                                                    return redirect(f"/post/{sessionUrlId}")
+                                                    if is_valid_url_id(sessionUrlId):
+                                                        return redirect(f"/post/{sessionUrlId}")
+                                                    else:
+                                                        return redirect('/')
                             # Render the edit post template
                             return render_template(
                                 "/editPost.html.jinja",