Add more URL validation in media proxy
This commit is contained in:
Frédéric Guillot
parent
bce21a9f91
commit
97feec8ebf
1 changed files with 22 additions and 0 deletions
|
|
@ -10,6 +10,7 @@ import (
|
|||
"errors"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"miniflux.app/v2/internal/config"
|
||||
|
|
@ -54,6 +55,27 @@ func (h *handler) mediaProxy(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
u, err := url.Parse(string(decodedURL))
|
||||
if err != nil {
|
||||
html.BadRequest(w, r, errors.New("invalid URL provided"))
|
||||
return
|
||||
}
|
||||
|
||||
if u.Scheme != "http" && u.Scheme != "https" {
|
||||
html.BadRequest(w, r, errors.New("invalid URL provided"))
|
||||
return
|
||||
}
|
||||
|
||||
if u.Host == "" {
|
||||
html.BadRequest(w, r, errors.New("invalid URL provided"))
|
||||
return
|
||||
}
|
||||
|
||||
if !u.IsAbs() {
|
||||
html.BadRequest(w, r, errors.New("invalid URL provided"))
|
||||
return
|
||||
}
|
||||
|
||||
mediaURL := string(decodedURL)
|
||||
slog.Debug("MediaProxy: Fetching remote resource",
|
||||
slog.String("media_url", mediaURL),
|
||||
|
|
|
|||
Loading…
Reference in a new issue