mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-08-05 17:30:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add check to ServeRedirect to ensure valid location

Browse source
This commit is contained in:
Paul Kulchenko 2021-08-16 16:40:40 -07:00
parent 275be556cd
commit b7a40bd737
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tool/net/redbean.c
View file

@ -3061,25 +3061,28 @@ static int LuaServeIndex(lua_State *L) {
static int LuaServeRedirect(lua_State *L) {
size_t loclen;
const char *location;
const char *location, *eval;
int code;
OnlyCallDuringRequest("ServeRedirect");
code = luaL_checkinteger(L, 1);
if (!(300 <= code && code <= 399)) {
luaL_argerror(L, 1, "bad status code for redirect");
luaL_argerror(L, 1, "bad status code");
unreachable;
}
location = luaL_checklstring(L, 2, &loclen);
if (msg.version < 10) {
(void)ServeError(505, "HTTP Version Not Supported");
lua_pushboolean(L, false);
} else {
if (!(eval = EncodeHttpHeaderValue(location, loclen, 0))) {
luaL_argerror(L, 2, "invalid location");
unreachable;
}
LOGF("REDIRECT %d to %s", code, location);
luaheaderp = AppendHeader(
SetStatus(code, GetHttpReason(code)), "Location",
FreeLater(EncodeHttpHeaderValue(location, loclen, 0)));
SetStatus(code, GetHttpReason(code)), "Location", eval);
free(eval);
lua_pushboolean(L, true);
}
return 1;