Don't allow redirections to external websites.
continuous-integration/drone/push Build is passing
Details
See <https://cwe.mitre.org/data/definitions/601.html>.
parent 8341793768
commit 3433f88dcc
|
@ -12,7 +12,7 @@ specification for hosting profile images tied to email or OpenID addresses.
|
||||||
* MD5 hashes
|
* MD5 hashes
|
||||||
* SHA256 hashes
|
* SHA256 hashes
|
||||||
* Variable image size (`s` or `size`)
|
* Variable image size (`s` or `size`)
|
||||||
* Default fallbacks (`d` or `default`): 404, URL, mp/mm, identicon, retro
|
* Default fallbacks (`d` or `default`): 404, URL (only on the same server), mp/mm, identicon, retro
|
||||||
|
|
||||||
The API is explained in greater detail at the
|
The API is explained in greater detail at the
|
||||||
[Libravar wiki](https://wiki.libravatar.org/api/).
|
[Libravar wiki](https://wiki.libravatar.org/api/).
|
||||||
|
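Review bot: "URL (only on the same server)" in the changed feature-list line is vaguer than the check the code hunk actually performs, which only accepts a fallback whose first character is `/`. Stating the rule literally, e.g. "URL (only absolute paths on this server, starting with `/`)", tells users which `d=` values will work and which are dropped, and avoids the reading that a full `https://` URL pointing at the same host is still accepted.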
@ -24,6 +24,9 @@ The API is explained in greater detail at the
|
||||||
* The default fallbacks monsterid, wavatar, robohash and pagan
|
* The default fallbacks monsterid, wavatar, robohash and pagan
|
||||||
* Patches welcome
|
* Patches welcome
|
||||||
* forcedefault
|
* forcedefault
|
||||||
|
* Fallback URLs for to external sites (due to [CWE-601](https://cwe.mitre.org/data/definitions/601.html))
|
||||||
|
* We have a server setting (`LIBRAVATARSERV_REDIRECT_*`) to redirect to
|
||||||
|
libravatar.org.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
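Review bot: Typo in the added bullet "Fallback URLs for to external sites": drop "for". The following bullet about `LIBRAVATARSERV_REDIRECT_*` is split over two lines ("...to redirect to" / "libravatar.org."), which Markdown joins into one bullet, so it renders fine, but it would help to say explicitly that the server setting is the supported, operator-controlled way to forward to another server, as opposed to the per-request `d=` URL that is now restricted because of CWE-601.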
@ -1,5 +1,5 @@
|
||||||
/* This file is part of libravatarserv.
|
/* This file is part of libravatarserv.
|
||||||
* Copyright © 2018, 2019, 2020 tastytea <tastytea@tastytea.de>
|
* Copyright © 2018, 2019, 2020, 2021 tastytea <tastytea@tastytea.de>
|
||||||
*
|
*
|
||||||
* This program is free software: you can redistribute it and/or modify
|
* This program is free software: you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
@ -15,10 +15,12 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "libravatarserv.hpp"
|
#include "libravatarserv.hpp"
|
||||||
|
|
||||||
#include "version.hpp"
|
#include "version.hpp"
|
||||||
|
|
||||||
#include <Magick++/Geometry.h>
|
#include <Magick++/Geometry.h>
|
||||||
#include <identiconpp.hpp>
|
#include <identiconpp.hpp>
|
||||||
|
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
|
|
||||||
using namespace libravatarserv;
|
using namespace libravatarserv;
|
||||||
|
@ -81,7 +83,7 @@ int main()
|
||||||
{
|
{
|
||||||
cout << "Status: 404 Not Found\n\n";
|
cout << "Status: 404 Not Found\n\n";
|
||||||
}
|
}
|
||||||
else if (avatar.fallback.substr(0, 4) == "http")
|
else if (avatar.fallback[0] == '/')
|
||||||
{
|
{
|
||||||
cout << "Status: 307 Temporary Redirect\n";
|
cout << "Status: 307 Temporary Redirect\n";
|
||||||
cout << "Location: " << avatar.fallback << endl << endl;
|
cout << "Location: " << avatar.fallback << endl << endl;
|
||||||
|
|
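Review bot: `avatar.fallback[0] == '/'` does not fully close the CWE-601 issue the commit message names: a protocol-relative value such as `//other-host/path` also starts with `/`, and when it is written unchanged into the `Location:` header on the next line a browser resolves it against the current scheme and follows it to the other host. Rejecting values whose second character is `/` (and `\`, which some browsers normalise to `/`) would make the check match the intent, e.g. `avatar.fallback.size() > 1 && avatar.fallback[0] == '/' && avatar.fallback[1] != '/' && avatar.fallback[1] != '\\'`. Guarding on `avatar.fallback.empty()` first is also clearer than relying on `operator[]` at index `size()` returning the terminating null.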