From 3d1d1caa6c7c25f12655e71d7b58d48f9ef6b1ec Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Sat, 23 Jan 2021 11:10:48 +0100
Subject: Check that the requested url is compatible with shortener alphabet.

Avoids raising an exception.
---
 fhost.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fhost.py b/fhost.py
index 2814a96..293e88e 100755
--- a/fhost.py
+++ b/fhost.py
@@ -284,6 +284,9 @@ def store_url(url, addr):
 @app.route("/<path:path>")
 def get(path):
     p = os.path.splitext(path)
+    if any(not c in su.alphabet for c in p[0]):
+        abort(404)
+
     id = su.debase(p[0])
 
     if p[1]:
-- 
cgit v1.2.3