Hopiu/wagtail
1
0
Fork 0
mirror of https://github.com/Hopiu/wagtail.git synced 2026-05-20 13:01:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Reject null characters in redirect URLs

Browse source
This commit is contained in:
Matt Westcott 2018-07-03 16:55:59 +01:00
parent 51ee04db42
commit 1aaad64a6f
2 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
wagtail/wagtailredirects/middleware.py
View file

@ -15,6 +15,9 @@ else:
def _get_redirect(request, path):
if '\0' in path: # reject URLs with null characters, which crash on Postgres (#4496)
return None
try:
return models.Redirect.get_for_site(request.site).get(old_path=path)
except models.Redirect.MultipleObjectsReturned:

13
wagtail/wagtailredirects/tests.py
View file

@ -273,6 +273,19 @@ class TestRedirects(TestCase):
self.assertRedirects(response, '/redirectto', status_code=301, fetch_redirect_response=False)
def test_reject_null_characters(self):
response = self.client.get('/test%00test/')
self.assertEqual(response.status_code, 404)
response = self.client.get('/test\0test/')
self.assertEqual(response.status_code, 404)
response = self.client.get('/test/?foo=%00bar')
self.assertEqual(response.status_code, 404)
response = self.client.get('/test/?foo=\0bar')
self.assertEqual(response.status_code, 404)
class TestRedirectsIndexView(TestCase, WagtailTestUtils):
def setUp(self):