blitzwing/wikimore
1
0
Fork 0
forked from PrivateCoffee/wikimore
Code Pull requests Activity

fix(proxy): validate URL to prevent invalid inputs

Browse source 
Added a URL validation check in the proxy endpoint to ensure the URL starts with "https://upload.wikimedia.org/". This prevents potential misuse or errors caused by processing invalid URLs.

Ensures only acceptable and expected URLs are processed, improving security and stability.
This commit is contained in:
Kumi 2024-07-16 07:51:01 +02:00
parent c436885cbc
commit fcb6a4aa96
Signed by: kumi
GPG key ID: ECBCC9082395383F
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app.py
View file

@ -27,6 +27,10 @@ def get_proxy_url(url):
@app.route("/proxy") @app.route("/proxy")
def proxy(): def proxy():
url = request.args.get("url") url = request.args.get("url")
if not url or not url.startswith("https://upload.wikimedia.org/"):
return "Invalid URL"
with urllib.request.urlopen(url) as response: with urllib.request.urlopen(url) as response:
data = response.read() data = response.read()
return data return data