diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-12 15:17:57 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-09-03 09:24:13 -0300 |
| commit | 022ab0a75c76ab2ea31dfcc5f2cf5501e378d397 (patch) | |
| tree | fb463682e3ab90de998b49e4b6fdc22b53438e0a /django/utils | |
| parent | 62039659603ca0fa2df796d1732c4b414549c52b (diff) | |
[5.1.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'django/utils')
| -rw-r--r-- | django/utils/html.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index e5ad5646fa..d9513fc758 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -428,14 +428,17 @@ class Urlizer: potential_entity = middle[amp:] escaped = html.unescape(potential_entity) if escaped == potential_entity or escaped.endswith(";"): - rstripped = middle.rstrip(";") - amount_stripped = len(middle) - len(rstripped) - if amp > -1 and amount_stripped > 1: - # Leave a trailing semicolon as might be an entity. - trail = middle[len(rstripped) + 1 :] + trail - middle = rstripped + ";" + rstripped = middle.rstrip(self.trailing_punctuation_chars) + trail_start = len(rstripped) + amount_trailing_semicolons = len(middle) - len(middle.rstrip(";")) + if amp > -1 and amount_trailing_semicolons > 1: + # Leave up to most recent semicolon as might be an entity. + recent_semicolon = middle[trail_start:].index(";") + middle_semicolon_index = recent_semicolon + trail_start + 1 + trail = middle[middle_semicolon_index:] + trail + middle = rstripped + middle[trail_start:middle_semicolon_index] else: - trail = middle[len(rstripped) :] + trail + trail = middle[trail_start:] + trail middle = rstripped trimmed_something = True |
