diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-12 15:17:57 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-09-03 09:32:43 -0300 |
| commit | 813de2672bd7361e9a453ab62cd6e52f96b6525b (patch) | |
| tree | b96c53fc7b1a784288c5e0d05b0d232683f2c9a5 /django | |
| parent | 05495d4f5ec4aecc0077464c5b4f1d63e7df9aff (diff) | |
[5.0.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'django')
| -rw-r--r-- | django/utils/html.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index a2686d065b..ac444cf8ee 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -425,14 +425,17 @@ class Urlizer: potential_entity = middle[amp:] escaped = html.unescape(potential_entity) if escaped == potential_entity or escaped.endswith(";"): - rstripped = middle.rstrip(";") - amount_stripped = len(middle) - len(rstripped) - if amp > -1 and amount_stripped > 1: - # Leave a trailing semicolon as might be an entity. - trail = middle[len(rstripped) + 1 :] + trail - middle = rstripped + ";" + rstripped = middle.rstrip(self.trailing_punctuation_chars) + trail_start = len(rstripped) + amount_trailing_semicolons = len(middle) - len(middle.rstrip(";")) + if amp > -1 and amount_trailing_semicolons > 1: + # Leave up to most recent semicolon as might be an entity. + recent_semicolon = middle[trail_start:].index(";") + middle_semicolon_index = recent_semicolon + trail_start + 1 + trail = middle[middle_semicolon_index:] + trail + middle = rstripped + middle[trail_start:middle_semicolon_index] else: - trail = middle[len(rstripped) :] + trail + trail = middle[trail_start:] + trail middle = rstripped trimmed_something = True |