From ebfcf224769ca25574f610a6b632cbe394164e0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Do=C4=9Fukan=20=C3=9Crker?=
Date: Wed, 17 Jan 2024 15:18:13 +0300
Subject: [PATCH] "URL redirection from remote source" security issue fixed
---
 helpers.py | 1 +
 routes/dashboard.py | 8 +++++++-
 routes/login.py | 16 +++++++++++++---
 routes/post.py | 5 +++--
 4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/helpers.py b/helpers.py
index 765d126c..ce7a964d 100644
--- a/helpers.py
+++ b/helpers.py
@@ -27,6 +27,7 @@
 from flask import (
 Flask,
 flash,
+ url_for,
 request,
 session,
 redirect,
diff --git a/routes/dashboard.py b/routes/dashboard.py
index da2546a4..d08b3791 100644
--- a/routes/dashboard.py
+++ b/routes/dashboard.py
@@ -1,5 +1,6 @@
 from helpers import (
 flash,
+ url_for,
 request,
 session,
 sqlite3,
@@ -38,7 +39,12 @@ def dashboard(userName):
 if "postDeleteButton" in request.form:
 postID = request.form["postID"]
 deletePost(postID)
- return redirect(f"/dashboard/{userName}")
+ return (
+ redirect(
+ url_for("dashboard.dashboard", userName=userName)
+ ),
+ 301,
+ )
 comments = cursor.fetchall()
 if posts:
 showPosts = True
diff --git a/routes/login.py b/routes/login.py
index 631d1589..26d91c29 100644
--- a/routes/login.py
+++ b/routes/login.py
@@ -1,5 +1,6 @@
 from helpers import (
 flash,
+ url_for,
 session,
 request,
 sqlite3,
@@ -25,7 +26,10 @@ def login(direct):
 match "userName" in session:
 case True:
 message("1", f'USER: "{session["userName"]}" ALREADY LOGGED IN')
- return redirect(direct)
+ return (
+ redirect(direct),
+ 301,
+ )
 case False:
 form = loginForm(request.form)
 if request.method == "POST":
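Review bot: The `301` added to the `postDeleteButton` redirect in `dashboard` makes a response to a form POST a permanent, cacheable redirect, and its target is presumably the same route the form was posted to, so a browser that caches it may keep serving the redirect for later requests to that URL. Flask's `redirect()` already defaults to 302, and 303 is the status intended for redirecting after a POST, so the whole added tuple can collapse to `return redirect(url_for("dashboard.dashboard", userName=userName), code=303)`. The same `, 301` is added at both `redirect(url_for("post.post", postID=postID))` sites in routes/post.py and at the three `redirect(direct)` sites in routes/login.py. `dashboard`'s body starts and ends outside the hunk.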
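Review bot: `redirect(direct)` in the `case True` branch of `login` still sends the browser wherever `direct` says, so the "URL redirection from remote source" finding in the commit title is not fixed here — only the status code changed; the two `redirect(direct)` sites in the second routes/login.py hunk have the same problem. `direct` is presumably a route variable (the decorator is outside the hunk), so it should be constrained to a same-site path before use, e.g. `parts = urlsplit(direct)` / `target = direct if not parts.scheme and not parts.netloc and direct.startswith("/") and not direct.startswith("//") else "/"` / `return redirect(target)`, with `from urllib.parse import urlsplit` added to the file's imports; the same guard can be shared by all three sites. `login`'s body continues past the hunk.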
@@ -48,10 +52,16 @@ def login(direct):
 addPoints(1, session["userName"])
 message("2", f'USER: "{user[1]}" LOGGED IN')
 flash(f"Welcome {user[1]}", "success")
- return redirect(direct)
+ return (
+ redirect(direct),
+ 301,
+ )
 else:
 message("1", "WRONG PASSWORD")
 flash("wrong password", "error")
 return render_template("login.html", form=form, hideLogin=True)
 case False:
- return redirect(direct)
+ return (
+ redirect(direct),
+ 301,
+ )
diff --git a/routes/post.py b/routes/post.py
index d1c63ef5..ab607d85 100644
--- a/routes/post.py
+++ b/routes/post.py
@@ -4,6 +4,7 @@
 sqlite3,
 request,
 message,
+ url_for,
 redirect,
 addPoints,
 Blueprint,
@@ -47,7 +48,7 @@ def post(postID):
 return redirect(f"/")
 elif "commentDeleteButton" in request.form:
 deleteComment(request.form["commentID"])
- return redirect(f"/post/{postID}")
+ return redirect(url_for("post.post", postID=postID)), 301
 else:
 comment = request.form["comment"]
 connection = sqlite3.connect(DB_COMMENTS_ROOT)
@@ -70,7 +71,7 @@ def post(postID):
 )
 addPoints(5, session["userName"])
 flash("You earned 5 points by commenting ", "success")
- return redirect(f"/post/{postID}")
+ return redirect(url_for("post.post", postID=postID)), 301
 connection = sqlite3.connect(DB_COMMENTS_ROOT)
 cursor = connection.cursor()
 cursor.execute(
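Review bot: The two new `return redirect(url_for("post.post", postID=postID)), 301` lines in `post` use a bare tuple while the equivalent redirect added in routes/dashboard.py is a parenthesised multi-line tuple, so the same change is written two different ways in one commit. Whichever status is finally chosen, passing it as `redirect(url_for("post.post", postID=postID), code=...)` expresses it once in a single form at every site and avoids the tuple altogether. `post`'s body starts and ends outside both hunks.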