From 9386a55933612577b4400707157f4b61dadd5769 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Thu, 7 Sep 2023 15:25:09 +0300
Subject: [PATCH] better fix to ip exploit
---
 files/helpers/regex.py | 1 +
 files/helpers/sanitize.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/files/helpers/regex.py b/files/helpers/regex.py
index d302cb9a9..63ed0ab94 100644
--- a/files/helpers/regex.py
+++ b/files/helpers/regex.py
@@ -129,6 +129,7 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
 link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
 css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A)
+css_url2_regex = re.compile('(http[^\s]*)', flags=re.I|re.A)
 linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index fd55efb36..4d71adaef 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -804,7 +804,8 @@ def validate_css(css):
 if '/*' in css: return False, "CSS comments are not allowed!"
- for i in css_url_regex.finditer(css):
+ matches = list(css_url_regex.finditer(css)) + list(css_url2_regex.finditer(css))
+ for i in matches:
 url = i.group(1)
 if not is_safe_url(url): domain = tldextract.extract(url).registered_domain
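Review bot: The added `css_url2_regex` in files/helpers/regex.py only matches text that literally begins with `http`, so as a filter for external loads it looks incomplete. Unless they are rejected elsewhere in `validate_css`, scheme-relative references outside `url(...)` and CSS backslash-escaped spellings of the scheme would match neither pattern. Normalising CSS escapes before validation, or allow-listing the constructs that may carry a URL, would be more robust than searching for the scheme string. Separately, the pattern is a non-raw string containing `\s`, which newer Python versions warn about as an invalid escape sequence; `css_url2_regex = re.compile(r'(http\S*)', flags=re.I|re.A)` is equivalent.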
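Review bot: In the files/helpers/sanitize.py hunk, the matches from `css_url2_regex` run to the next whitespace, so a quoted `url("https://…")` value reaches `is_safe_url` and `tldextract.extract` with trailing `"`, `)` or `;` still attached. Any token that merely starts with `http` is also treated as a URL. Whether `is_safe_url` tolerates that is not visible here; if it does not, allowed hosts may be rejected, and every `url(http…)` value is now checked twice. Trimming delimiters before the check, for example `url = i.group(1).rstrip('\'");,')`, would keep the two patterns consistent, and a short comment above `matches = ...` saying why the second pattern exists would help the next maintainer. `validate_css` starts and ends outside the hunk.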