author | David Leadbeater <dgl@dgl.cx> | 2022-11-21 05:28:13 +1100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-20 19:28:13 +0100 |
commit | 69378eac99c013a0db7d2d5ff9a54dfcc287d9ce (patch) | |
tree | 270c7ddf377f62d1272b9fabcab46fb9a23e54f6 /app/serializers/activitypub/undo_follow_serializer.rb | |
parent | 48e136605a30fa7ee71a656b599d91adf47b17fc (diff) |
Don't allow URLs that contain non-normalized paths to be verified (#20999)
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where "/otheruser" appears to be the verified URL, but the actual URL being verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now that since #20304 https is required.

* missing do
Diffstat (limited to 'app/serializers/activitypub/undo_follow_serializer.rb')
0 files changed, 0 insertions, 0 deletions
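
The check the commit message describes can be sketched as follows. This is an added example, not code from the commit or from the project: `remove_dot_segments` and `verifiable_link?` are hypothetical names, it uses only Ruby's standard `uri` library, and treating `%2e` as a dot goes beyond what the commit message states.

```ruby
require 'uri'

# RFC 3986 section 5.2.4 dot-segment removal for an absolute path.
def remove_dot_segments(path)
  segments = path.split('/', -1)
  out = []
  segments.each_with_index do |seg, i|
    last = (i == segments.length - 1)
    case seg
    when '.'
      out << '' if last              # "/a/." normalizes to "/a/"
    when '..'
      out.pop if out.length > 1      # never climb above the root
      out << '' if last              # "/a/.." normalizes to "/"
    else
      out << seg
    end
  end
  out.join('/')
end

# Hypothetical gate: accept a link for verification only if it is https
# and its path is already in normalized form.
def verifiable_link?(url)
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?

  path = uri.path.empty? ? '/' : uri.path
  # Assumption: browsers treat %2e like '.', so decode it before comparing.
  decoded = path.gsub(/%2e/i, '.')
  decoded == remove_dot_segments(decoded)
rescue URI::InvalidURIError
  false
end

# Constructed sample inputs; the second is the URL from the commit message.
if __FILE__ == $PROGRAM_NAME
  [
    'https://example.com/realuser',
    'https://example.com/otheruser/../realuser',
    'https://example.com/otheruser/%2E%2e/realuser',
    'http://example.com/realuser'
  ].each { |u| puts "#{u} -> #{verifiable_link?(u)}" }
end
```

Rejecting the URL outright, rather than normalizing it and continuing, keeps the string shown to users identical to the URL that is actually fetched.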