From 3713e9943fa6eb249b0e4d0e3f6943e2bb2f782c Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 09:45:36 +0100 Subject: [PATCH 1/9] Encode redirects --- daemon.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon.py b/daemon.py index d0713e567..9cd6dd183 100644 --- a/daemon.py +++ b/daemon.py @@ -731,7 +731,7 @@ class PubServer(BaseHTTPRequestHandler): self.send_header('Cookie', cookieStr) else: self.send_header('Set-Cookie', cookieStr) - self.send_header('Location', redirect) + self.send_header('Location', redirect.encode('utf-8')) self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') From 4a0dd19475690defa585dc9453a963f45cd9552a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 09:48:14 +0100 Subject: [PATCH 2/9] Don't encode --- daemon.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon.py b/daemon.py index 9cd6dd183..d0713e567 100644 --- a/daemon.py +++ b/daemon.py @@ -731,7 +731,7 @@ class PubServer(BaseHTTPRequestHandler): self.send_header('Cookie', cookieStr) else: self.send_header('Set-Cookie', cookieStr) - self.send_header('Location', redirect.encode('utf-8')) + self.send_header('Location', redirect) self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') From 3231f3356bf8cc91d991e9da0e262276f2e470bd Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 09:59:58 +0100 Subject: [PATCH 3/9] Error handling for redirect location --- daemon.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/daemon.py b/daemon.py index d0713e567..c0041c4be 100644 --- a/daemon.py +++ b/daemon.py @@ -731,7 +731,23 @@ class PubServer(BaseHTTPRequestHandler): self.send_header('Cookie', cookieStr) else: self.send_header('Set-Cookie', cookieStr) - self.send_header('Location', redirect) + + if '://' in redirect: + fallbackLocation = redirect.split('://')[1] + if '/' in fallbackLocation: + fallbackLocation = fallbackLocation.split('/')[0] + fallbackLocation = \ + redirect.split('://')[0] + '://' + fallbackLocation + else: + fallbackLocation = \ + self.server.httpPrefix + '://' + self.server.domainFull + try: + self.send_header('Location', redirect) + except BaseException: + print('WARN: fallback redirect for ' + str(redirect)) + self.send_header('Location', fallbackLocation) + pass + self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') From 4b7ce92ae7a595b32c41e1d7b1fb469e89891efc Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 10:18:15 +0100 Subject: [PATCH 4/9] Quoted redirects --- daemon.py | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/daemon.py b/daemon.py index c0041c4be..ef5c3b4b5 100644 --- a/daemon.py +++ b/daemon.py @@ -629,7 +629,7 @@ class PubServer(BaseHTTPRequestHandler): self.send_response(303) self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') - self.send_header('Location', redirect) + self.send_header('Location', self._quotedRedirect(redirect)) self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') @@ -713,6 +713,15 @@ class PubServer(BaseHTTPRequestHandler): return True return False + def _quotedRedirect(redirect: str) -> str: + """URL encodes any non-ascii characters for url redirects + """ + if '/' not in redirect: + return urllib.parse.quote_plus(redirect) + lastStr = redirect.split('/')[-1] + return redirect.replace('/' + lastStr, '/' + + urllib.parse.quote_plus(lastStr)) + def _redirect_headers(self, redirect: str, cookie: str, callingDomain: str) -> None: if '://' not in redirect: @@ -731,23 +740,7 @@ class PubServer(BaseHTTPRequestHandler): self.send_header('Cookie', cookieStr) else: self.send_header('Set-Cookie', cookieStr) - - if '://' in redirect: - fallbackLocation = redirect.split('://')[1] - if '/' in fallbackLocation: - fallbackLocation = fallbackLocation.split('/')[0] - fallbackLocation = \ - redirect.split('://')[0] + '://' + fallbackLocation - else: - fallbackLocation = \ - self.server.httpPrefix + '://' + self.server.domainFull - try: - self.send_header('Location', redirect) - except BaseException: - print('WARN: fallback redirect for ' + str(redirect)) - self.send_header('Location', fallbackLocation) - pass - + self.send_header('Location', self._quotedRedirect(redirect)) self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') From bdda8c9bf476044a6d35e84b58844c0b0d245bc2 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 10:19:53 +0100 Subject: [PATCH 5/9] Quoted redirects --- daemon.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon.py b/daemon.py index ef5c3b4b5..21d54b407 100644 --- a/daemon.py +++ b/daemon.py @@ -713,7 +713,7 @@ class PubServer(BaseHTTPRequestHandler): return True return False - def _quotedRedirect(redirect: str) -> str: + def _quotedRedirect(self, redirect: str) -> str: """URL encodes any non-ascii characters for url redirects """ if '/' not in redirect: From 7c270019b00357c8833ca6f4c4b1d251fce9f7b8 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 10:27:57 +0100 Subject: [PATCH 6/9] Only quote tags --- daemon.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daemon.py b/daemon.py index 21d54b407..212fe2481 100644 --- a/daemon.py +++ b/daemon.py @@ -716,8 +716,8 @@ class PubServer(BaseHTTPRequestHandler): def _quotedRedirect(self, redirect: str) -> str: """URL encodes any non-ascii characters for url redirects """ - if '/' not in redirect: - return urllib.parse.quote_plus(redirect) + if '/tags/' not in redirect: + return redirect lastStr = redirect.split('/')[-1] return redirect.replace('/' + lastStr, '/' + urllib.parse.quote_plus(lastStr)) From 94fb8e5c816812c37c134a567c0a36b81974fab8 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 10:39:15 +0100 Subject: [PATCH 7/9] Method name --- daemon.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/daemon.py b/daemon.py index 212fe2481..4b1b0ad7a 100644 --- a/daemon.py +++ b/daemon.py @@ -629,7 +629,7 @@ class PubServer(BaseHTTPRequestHandler): self.send_response(303) self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') - self.send_header('Location', self._quotedRedirect(redirect)) + self.send_header('Location', self._quoted_redirect(redirect)) self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') @@ -713,7 +713,7 @@ class PubServer(BaseHTTPRequestHandler): return True return False - def _quotedRedirect(self, redirect: str) -> str: + def _quoted_redirect(self, redirect: str) -> str: """URL encodes any non-ascii characters for url redirects """ if '/tags/' not in redirect: @@ -740,7 +740,7 @@ class PubServer(BaseHTTPRequestHandler): self.send_header('Cookie', cookieStr) else: self.send_header('Set-Cookie', cookieStr) - self.send_header('Location', self._quotedRedirect(redirect)) + self.send_header('Location', self._quoted_redirect(redirect)) self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') From 13ba1565fa65d89d98325e70faea55214760d088 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 10:41:04 +0100 Subject: [PATCH 8/9] Comment --- daemon.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/daemon.py b/daemon.py index 4b1b0ad7a..41a91790b 100644 --- a/daemon.py +++ b/daemon.py @@ -621,6 +621,16 @@ class PubServer(BaseHTTPRequestHandler): 'title="Login to Epicyon", Basic realm="epicyon"') self.end_headers() + def _quoted_redirect(self, redirect: str) -> str: + """hashtags sometimes contain non-ascii characters which + need to be url encoded + """ + if '/tags/' not in redirect: + return redirect + lastStr = redirect.split('/')[-1] + return redirect.replace('/' + lastStr, '/' + + urllib.parse.quote_plus(lastStr)) + def _logout_redirect(self, redirect: str, cookie: str, callingDomain: str) -> None: if '://' not in redirect: @@ -713,15 +723,6 @@ class PubServer(BaseHTTPRequestHandler): return True return False - def _quoted_redirect(self, redirect: str) -> str: - """URL encodes any non-ascii characters for url redirects - """ - if '/tags/' not in redirect: - return redirect - lastStr = redirect.split('/')[-1] - return redirect.replace('/' + lastStr, '/' + - urllib.parse.quote_plus(lastStr)) - def _redirect_headers(self, redirect: str, cookie: str, callingDomain: str) -> None: if '://' not in redirect: From ba77de00b209788a000bc7d57e3a8f22d63a8b8f Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 12 Jul 2021 10:42:08 +0100 Subject: [PATCH 9/9] Comment --- daemon.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon.py b/daemon.py index 41a91790b..d7cc9ed55 100644 --- a/daemon.py +++ b/daemon.py @@ -622,7 +622,7 @@ class PubServer(BaseHTTPRequestHandler): self.end_headers() def _quoted_redirect(self, redirect: str) -> str: - """hashtags sometimes contain non-ascii characters which + """hashtag screen urls sometimes contain non-ascii characters which need to be url encoded """ if '/tags/' not in redirect: