blob: dc5d333be9403cbecbb0f197a897e2a8b6faa863 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
From bf04b74b155f91b47ca986543348bdf644f2ffb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Tue, 4 May 2021 13:10:50 +0200
Subject: [PATCH] Reject URLs containing LF, CR or HT to workaround bpo43882
---
django/core/validators.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/django/core/validators.py b/django/core/validators.py
index a385819510..bab034912a 100644
--- a/django/core/validators.py
+++ b/django/core/validators.py
@@ -110,6 +110,8 @@ class URLValidator(RegexValidator):
try:
super().__call__(value)
except ValidationError as e:
+ if '\r' in value or '\n' in value or '\t' in value:
+ raise e
# Trivial case failed. Try for possible IDN domain
if value:
try:
--
2.31.1
|