From 2292b912d25cb4d5db8408e076212f82bcf6fc01 Mon Sep 17 00:00:00 2001 From: Nathan Woodburn Date: Fri, 17 Nov 2023 00:21:57 +1100 Subject: [PATCH] fix: Verify link using regex --- README.md | 2 ++ main.py | 12 +++++------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b1c0e44..490aa8e 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ services: DB_USER: main DB_PASSWORD: your-db-password DB_NAME: main + DNS_SERVER: 10.1.1.2 + DNS_SERVER_PORT: 5350 WORKERS: 2 # number of workers to run (should be 2 * number of cores) db: diff --git a/main.py b/main.py index 6090787..775a7e4 100644 --- a/main.py +++ b/main.py @@ -7,6 +7,7 @@ import db import varo_auth import account import render +import re app = Flask(__name__) dotenv.load_dotenv() @@ -97,18 +98,15 @@ def add_link(): return resp link=request.form['link'] - url=request.form['url'] + url=request.form['url'].lower() # Verify link is valid if not (url.startswith('http://') or url.startswith('https://')): url = 'https://' + url - try: - r = requests.get(url, timeout=5) - if r.status_code != 200: - return error('Invalid URL') - except: - return error('Invalid URL') + regexmatch = re.match(r"^^https?://([a-z0-9]+(-[a-z0-9]+)*\.)*([a-z0-9]+(-[a-z0-9]+)*)(/([a-z0-9.])+(-([a-z0-9.])+)?)*$", domain) + if not regexmatch: + return error('Invalid domain') if len(link) > 32: return error('Link too long')
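Review bot: The new check in `add_link` calls `re.match(..., domain)`, but the value normalised just above it is `url`, and `domain` is not assigned anywhere in this hunk. If `domain` is unbound the handler raises NameError on every request; if it is bound earlier in `add_link` (not visible here), the submitted URL reaches storage without ever being validated. Match against `url` and use `re.fullmatch`, because `$` under `re.match` still accepts a value that ends in a newline: `regexmatch = re.fullmatch(r"https?://…", url)`, keeping the same pattern body but without the duplicated `^^` and the trailing `$`. Separately, `.lower()` on the whole URL rewrites case-sensitive paths, and the pattern rejects ports, query strings and underscores, so `'Invalid domain'` will be returned for URLs whose host is fine. `add_link` starts and ends outside the hunk.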