chiark
/
gitweb
/
~ianmdlvl
/
fdroidserver.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
26bfd7f
)
checkupdates: require UpdateCheckData has valid HTTPS URL
author
Hans-Christoph Steiner
<hans@eds.org>
Thu, 1 Mar 2018 22:51:36 +0000
(23:51 +0100)
committer
Hans-Christoph Steiner
<hans@eds.org>
Thu, 1 Mar 2018 22:51:36 +0000
(23:51 +0100)
fdroidserver/checkupdates.py
patch
|
blob
|
history
diff --git
a/fdroidserver/checkupdates.py
b/fdroidserver/checkupdates.py
index 876dd2aeb978d6707ea1d90e81f28938fe6e46be..d919c72b11a8cbba405065651bf9dc68ad332549 100644
(file)
--- a/
fdroidserver/checkupdates.py
+++ b/
fdroidserver/checkupdates.py
@@
-30,6
+30,7
@@
import html
from distutils.version import LooseVersion
import logging
import copy
from distutils.version import LooseVersion
import logging
import copy
+import urllib.parse
from . import _
from . import common
from . import _
from . import common
@@
-48,6
+49,13
@@
def check_http(app):
raise FDroidException('Missing Update Check Data')
urlcode, codeex, urlver, verex = app.UpdateCheckData.split('|')
raise FDroidException('Missing Update Check Data')
urlcode, codeex, urlver, verex = app.UpdateCheckData.split('|')
+ parsed = urllib.parse.urlparse(urlcode)
+ if not parsed.netloc or not parsed.scheme or parsed.scheme != 'https':
+ raise FDroidException(_('UpdateCheckData has invalid URL: {url}').format(url=urlcode))
+ if urlver != '.':
+ parsed = urllib.parse.urlparse(urlver)
+ if not parsed.netloc or not parsed.scheme or parsed.scheme != 'https':
+ raise FDroidException(_('UpdateCheckData has invalid URL: {url}').format(url=urlcode))
vercode = "99999999"
if len(urlcode) > 0:
vercode = "99999999"
if len(urlcode) > 0: