mirrors/wagtail
mirrors/wagtail
0
0
Fork 0
mirror of https://github.com/wagtail/wagtail.git synced 2024-12-01 11:41:20 +01:00
Code Issues Releases Wiki Activity

Reject null characters in redirect URLs

Browse Source
This commit is contained in:
Matt Westcott 2018-07-03 16:55:59 +01:00
parent 3aff9f76e4
commit 879239b02c
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wagtail/contrib/redirects/middleware.py
View File

@ -8,6 +8,9 @@ from wagtail.contrib.redirects import models
def _get_redirect(request, path):
if '\0' in path: # reject URLs with null characters, which crash on Postgres (#4496)
return None
try:
return models.Redirect.get_for_site(request.site).get(old_path=path)
except models.Redirect.MultipleObjectsReturned:

13
wagtail/contrib/redirects/tests.py
View File

@ -273,6 +273,19 @@ class TestRedirects(TestCase):
self.assertRedirects(response, '/redirectto', status_code=301, fetch_redirect_response=False)
def test_reject_null_characters(self):
response = self.client.get('/test%00test/')
self.assertEqual(response.status_code, 404)
response = self.client.get('/test\0test/')
self.assertEqual(response.status_code, 404)
response = self.client.get('/test/?foo=%00bar')
self.assertEqual(response.status_code, 404)
response = self.client.get('/test/?foo=\0bar')
self.assertEqual(response.status_code, 404)
class TestRedirectsIndexView(TestCase, WagtailTestUtils):
def setUp(self):