Don't allow redirects on session get

merge-requests/30/head
Bob Mottram 2022-04-24 21:33:07 +01:00
parent 0a3a584d1b
commit 53174ddfd8
3 changed files with 15 additions and 7 deletions


@ -1305,7 +1305,8 @@ def get_rss(base_dir: str, domain: str, session, url: str,
result = \ result = \
session.get(url, headers=session_headers, session.get(url, headers=session_headers,
params=session_params, params=session_params,
timeout=timeout_sec) timeout=timeout_sec,
allow_redirects=False)
if result: if result:
if int(len(result.text) / 1024) < max_feed_size_kb and \ if int(len(result.text) / 1024) < max_feed_size_kb and \
not contains_invalid_chars(result.text): not contains_invalid_chars(result.text):
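Review bot: With redirects disabled, a 301/302 reply still passes the `if result:` test in get_rss, because a requests Response is truthy for any status below 400. The redirect body would then reach the size and invalid-character checks as if it were the feed. I would gate on the status explicitly, e.g. `if result.status_code == 200:`, and print a warning naming the URL when a 3xx is seen, so a skipped feed is visible to the operator. The code that consumes result.text lies outside the hunk, so how it behaves on an empty or HTML redirect body needs confirming there.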


@ -71,7 +71,8 @@ def url_exists(session, url: str, timeout_sec: int = 3,
try: try:
result = session.get(url, headers=session_headers, result = session.get(url, headers=session_headers,
params=session_params, params=session_params,
timeout=timeout_sec) timeout=timeout_sec,
allow_redirects=False)
if result: if result:
if result.status_code == 200 or \ if result.status_code == 200 or \
result.status_code == 304: result.status_code == 304:
@ -91,7 +92,8 @@ def _get_json_request(session, url: str, domain_full: str, session_headers: {},
""" """
try: try:
result = session.get(url, headers=session_headers, result = session.get(url, headers=session_headers,
params=session_params, timeout=timeout_sec) params=session_params, timeout=timeout_sec,
allow_redirects=False)
if result.status_code != 200: if result.status_code != 200:
if result.status_code == 401: if result.status_code == 401:
print("WARN: get_json " + url + ' rejected by secure mode') print("WARN: get_json " + url + ' rejected by secure mode')
@ -284,7 +286,8 @@ def get_vcard(xml_format: bool,
try: try:
result = session.get(url, headers=session_headers, result = session.get(url, headers=session_headers,
params=session_params, timeout=timeout_sec) params=session_params, timeout=timeout_sec,
allow_redirects=False)
if result.status_code != 200: if result.status_code != 200:
if result.status_code == 401: if result.status_code == 401:
print("WARN: get_vcard " + url + ' rejected by secure mode') print("WARN: get_vcard " + url + ' rejected by secure mode')
@ -592,7 +595,8 @@ def download_image(session, base_dir: str, url: str,
print('Downloading image url: ' + url) print('Downloading image url: ' + url)
result = session.get(url, result = session.get(url,
headers=session_headers, headers=session_headers,
params=None) params=None,
allow_redirects=False)
if result.status_code < 200 or \ if result.status_code < 200 or \
result.status_code > 202: result.status_code > 202:
if debug: if debug:
@ -635,7 +639,9 @@ def download_image_any_mime_type(session, url: str,
'Accept': 'image/x-icon, image/png, image/webp, image/jpeg, image/gif' 'Accept': 'image/x-icon, image/png, image/webp, image/jpeg, image/gif'
} }
try: try:
result = session.get(url, headers=session_headers, timeout=timeout_sec) result = session.get(url, headers=session_headers,
timeout=timeout_sec,
allow_redirects=False)
except requests.exceptions.RequestException as ex: except requests.exceptions.RequestException as ex:
print('EX: download_image_any_mime_type failed1: ' + print('EX: download_image_any_mime_type failed1: ' +
str(url) + ', ' + str(ex)) str(url) + ', ' + str(ex))
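Review bot: The rewritten call in download_image still passes no `timeout`, unlike every other call touched in this file, so a remote host that accepts the connection and then stalls can block the caller indefinitely. Ending the call with `params=None, timeout=timeout_sec, allow_redirects=False)` would close that, assuming a timeout value is in scope in download_image (its full signature is cut off in the hunk header, so this needs checking). The same omission is in the session.get call of update_avatar_image_cache in the third file. Both functions fetch URLs that appear to come from remote content, which is where an unbounded wait costs most.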


@ -277,7 +277,8 @@ def update_avatar_image_cache(signing_priv_key_pem: str,
print('avatar image url: ' + avatar_url) print('avatar image url: ' + avatar_url)
result = session.get(avatar_url, result = session.get(avatar_url,
headers=session_headers, headers=session_headers,
params=None) params=None,
allow_redirects=False)
if result.status_code < 200 or \ if result.status_code < 200 or \
result.status_code > 202: result.status_code > 202:
if debug: if debug:
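Review bot: A 3xx reply for an avatar now lands in the `result.status_code < 200 or result.status_code > 202` branch, and the only reporting visible in this hunk is under `if debug:`. Avatars served through a redirect will therefore stop updating with nothing in the normal log to say why. I would add a comment above the check such as `# redirects are deliberately not followed, so a 3xx counts as a failed download`, and consider printing the status code outside the debug guard for the 3xx case. The body of the failure branch is outside the hunk, so whether it already logs elsewhere is not visible here.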