summaryrefslogtreecommitdiff
path: root/dev-python/django/files/django-2.2.21-fix-bpo43882.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/django/files/django-2.2.21-fix-bpo43882.patch')
-rw-r--r--dev-python/django/files/django-2.2.21-fix-bpo43882.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/dev-python/django/files/django-2.2.21-fix-bpo43882.patch b/dev-python/django/files/django-2.2.21-fix-bpo43882.patch
new file mode 100644
index 000000000000..dc5d333be940
--- /dev/null
+++ b/dev-python/django/files/django-2.2.21-fix-bpo43882.patch
@@ -0,0 +1,25 @@
+From bf04b74b155f91b47ca986543348bdf644f2ffb0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Tue, 4 May 2021 13:10:50 +0200
+Subject: [PATCH] Reject URLs containing LF, CR or HT to workaround bpo43882
+
+---
+ django/core/validators.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/django/core/validators.py b/django/core/validators.py
+index a385819510..bab034912a 100644
+--- a/django/core/validators.py
++++ b/django/core/validators.py
+@@ -110,6 +110,8 @@ class URLValidator(RegexValidator):
+ try:
+ super().__call__(value)
+ except ValidationError as e:
++ if '\r' in value or '\n' in value or '\t' in value:
++ raise e
+ # Trivial case failed. Try for possible IDN domain
+ if value:
+ try:
+--
+2.31.1
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-26 06:53:39 +0000