mirror of
https://github.com/zulip/zulip.git
synced 2025-11-15 11:22:04 +00:00
Due to a known but unfixed bug in the Python standard library’s urllib.parse module (CVE-2015-2104), a crafted URL could bypass the validation in the previous patch and still achieve an open redirect.

https://bugs.python.org/issue23505

Switch to using django.utils.http.is_safe_url, which already contains a workaround for this bug.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
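The commit message above concerns a redirect check that relies on urllib.parse alone. As an added example (not code from the Zulip repository or from Django), here is a stand-alone redirect-target validator that rejects ambiguous leading slashes before parsing. The function names, host names and sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample inputs (hypothetical hosts), mapped to the expected verdict.
CONSTRUCTED_SAMPLES = {
    "/accounts/home/": True,                 # plain relative path
    "https://chat.example.com/x": True,      # allowed host
    "//other.example.net/": False,           # scheme-relative, foreign host
    "////other.example.net/": False,         # extra leading slashes
}


def check_one(url, allowed_hosts, require_https):
    # With three or more leading slashes urlsplit can report an empty
    # netloc, so the host comparison below would never run. Reject first.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # A scheme without a host (such as "scheme:path") is never a safe target.
    if parts.scheme and not parts.netloc:
        return False
    # A leading control character is tolerated by some clients; refuse it.
    if unicodedata.category(url[0])[0] == "C":
        return False
    schemes = {"https"} if require_https else ALLOWED_SCHEMES
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not parts.scheme or parts.scheme in schemes
    return host_ok and scheme_ok


def is_safe_redirect(url, allowed_hosts, require_https=False):
    """Return True only for a relative URL or one on an allowed host."""
    url = (url or "").strip()
    if not url:
        return False
    # Some browsers treat "\" as "/", so both spellings must pass.
    return check_one(url, allowed_hosts, require_https) and check_one(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


if __name__ == "__main__":
    for sample, expected in CONSTRUCTED_SAMPLES.items():
        print(sample, is_safe_redirect(sample, {"chat.example.com"}), expected)
```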
2.6 KiB