mirrors
/
miniflux-v2
mirror of https://github.com/miniflux/v2.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add more URL validation in media proxy

This commit is contained in:
Frédéric Guillot 2024-02-26 20:08:10 -08:00
parent bce21a9f91
commit 97feec8ebf
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
internal/ui/proxy.go
View File

@ -10,6 +10,7 @@ import (
"errors"
"log/slog"
"net/http"
"net/url"
"time"
"miniflux.app/v2/internal/config"
@ -54,6 +55,27 @@ func (h *handler) mediaProxy(w http.ResponseWriter, r *http.Request) {
return
}
u, err := url.Parse(string(decodedURL))
if err != nil {
html.BadRequest(w, r, errors.New("invalid URL provided"))
return
}
if u.Scheme != "http" && u.Scheme != "https" {
html.BadRequest(w, r, errors.New("invalid URL provided"))
return
}
if u.Host == "" {
html.BadRequest(w, r, errors.New("invalid URL provided"))
return
}
if !u.IsAbs() {
html.BadRequest(w, r, errors.New("invalid URL provided"))
return
}
mediaURL := string(decodedURL)
slog.Debug("MediaProxy: Fetching remote resource",
slog.String("media_url", mediaURL),