Skip to content
Snippets Groups Projects
Select Git revision
  • 69378eac99c013a0db7d2d5ff9a54dfcc287d9ce
  • main default protected
  • mathstodon-4.3.6
  • mathstodon-4.3.x
  • mathstodon-4.2.15
  • mathstodon-4.2.10
  • mathstodon-4.2.7
  • mathstodon-4.2.6
  • v4.2.5
  • v4.2.2
  • mathstodon-4.2.5
  • mathstodon-4.2
  • mathstodon-4.1
  • mastodon-4.1.3
  • v4.1.3
  • v4.1.0-diff
  • mathstodon-4.1.0
  • mastodon-v4.1.0
  • v4.0.2
  • mathstodon-4.0.2
  • mathstodon-3.5.3
  • v4.0.0rc3
  • v4.0.0rc2
  • v4.0.0rc1
  • v3.5.3
  • v3.4.8
  • v3.5.2
  • v3.5.1
  • v3.4.7
  • v3.3.3
  • v3.5.0
  • v3.5.0rc3
  • v3.5.0rc2
  • v3.5.0rc1
  • v3.4.6
  • v3.3.2
  • v3.3.1
  • v3.4.5
  • v3.4.4
  • v3.4.3
  • v3.4.2
41 results

spec

user avatar
Don't allow URLs that contain non-normalized paths to be verified (#20999)
David Leadbeater authored and GitHub committed 
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.

* missing do
69378eac
History
user avatar 69378eac
History
Name Last commit Last update
..