Check that the requested url is compatible with shortener alphabet.

Avoids raising an exception.
author: Anton Khirnov <anton@khirnov.net> 2021-01-23 11:10:48 +0100
committer: Anton Khirnov <anton@khirnov.net> 2021-01-23 11:10:48 +0100
commit: 3d1d1caa6c7c25f12655e71d7b58d48f9ef6b1ec (patch)
tree: 8f2cf344f0f31ba1b26118edc3f1e2e5c1f27dfe
parent: a52127f0c35ab684ce9ba51c3dc8aed5bc5f252a (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/fhost.py b/fhost.py
index 2814a96..293e88e 100755
--- a/fhost.py
+++ b/fhost.py
@@ -284,6 +284,9 @@ def store_url(url, addr):
 @app.route("/<path:path>")
 def get(path):
     p = os.path.splitext(path)
+    if any(not c in su.alphabet for c in p[0]):
+        abort(404)
+
     id = su.debase(p[0])
 
     if p[1]:
author	Anton Khirnov <anton@khirnov.net>	2021-01-23 11:10:48 +0100
committer	Anton Khirnov <anton@khirnov.net>	2021-01-23 11:10:48 +0100
commit	3d1d1caa6c7c25f12655e71d7b58d48f9ef6b1ec (patch)
tree	8f2cf344f0f31ba1b26118edc3f1e2e5c1f27dfe
parent	a52127f0c35ab684ce9ba51c3dc8aed5bc5f252a (diff)