Commit 0b6dd65d authored by Jacotsu's avatar Jacotsu

Fixed HTML/XSS through referer header

Added flask start script for easy debugging
parent 40fcfd55
FLASK_APP=uus \
FLASK_ENV=development \
flask run
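Review bot: `FLASK_ENV=development` turns on Flask debug mode, and with it the Werkzeug interactive debugger, which hands arbitrary code execution to anyone who can reach the port if this script is ever started with a non-loopback host or copied into a deployment. Pin the bind address and document the intent in the script itself, e.g. `# Local development only: debug mode exposes the Werkzeug debugger; never run this on a reachable host` and `flask run --host 127.0.0.1`. Newer Flask releases also deprecate FLASK_ENV in favour of `flask --debug run`, so the comment should say which Flask version this was written for.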
......@@ -36,15 +36,21 @@ def handle_redirect(path):
redis_store.incr('count.' + path)
referrer = flask.request.headers.get('referer')
if referrer:
safe_referrer = flask.escape(referrer)
if safe_referrer != referrer:
app.logger.warning('XSS injection attempt from {}'.format(
flask.request.remote_addr))
return flask.abort(400)
if not redis_store.exists(redis_key_for_referrer_count(path,
referrer)):
app.logger.debug('Adding {} as referer for {}'.format(
referrer, path))
safe_referrer, path))
redis_store.set(redis_key_for_referrer_count(path,
referrer), 0)
safe_referrer),
0)
redis_store.incr(redis_key_for_referrer_count(path,
referrer))
app.logger.debug('Increased counter for {}'.format(referrer))
safe_referrer))
app.logger.debug('Increased counter for {}'.format(safe_referrer))
return flask.redirect(final_url)
else:
return flask.abort(404)
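Review bot: The new guard `if safe_referrer != referrer: ... return flask.abort(400)` rejects any Referer containing `&`, `<`, `>`, `"` or `'`, so an ordinary referrer with a query string such as `https://example.com/?a=1&b=2` is now answered with 400 and logged as an XSS attempt. HTML escaping belongs at render time (Jinja autoescaping wherever the referrer counts are displayed), not at intake, so the stored and logged value should stay the raw header; if you do want to reject input here, validate it as a URL instead, e.g. `if urllib.parse.urlsplit(referrer).scheme not in ('http', 'https'):` then `return flask.abort(400)`. Passing the `Markup` object returned by `flask.escape` into `redis_key_for_referrer_count` is also risky, since `Markup` escapes whatever it is concatenated or formatted with, which may silently alter the key if that helper builds it that way; prefer passing `referrer`. Note that `flask.escape` is deprecated in Flask 2.3 in favour of `markupsafe.escape`. `handle_redirect` begins before this hunk.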