author | Sean B. Palmer <sbp@aldebaran.local> | 2011-09-05 17:46:17 +0100 |
---|---|---|
committer | Sean B. Palmer <sbp@aldebaran.local> | 2011-09-05 17:46:17 +0100 |
commit | 2d3009ccb123bb34bf0d8b8b516a15c05240bf03 (patch) | |
tree | 28029457224da9cd91187e17f8b90cff5cb2de57 /modules/head.py | |
parent | 66edd833726d0a14400df65311999b1496b9f8cb (diff) | |
Attempt to patch a possible message injection hole.
Diffstat (limited to 'modules/head.py')
-rwxr-xr-x | modules/head.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/head.py b/modules/head.py
index 1008628..66e9eef 100755
--- a/modules/head.py
+++ b/modules/head.py
@@ -83,6 +83,18 @@ def f_title(self, origin, match, args):
 uri = 'http://' + uri
 uri = uri.replace('#!', '?_escaped_fragment_=')

+ localhost = [
+ 'http://localhost/', 'http://localhost:80/',
+ 'http://localhost:8080/', 'http://127.0.0.1/',
+ 'http://127.0.0.1:80/', 'http://127.0.0.1:8080/',
+ 'https://localhost/', 'https://localhost:80/',
+ 'https://localhost:8080/', 'https://127.0.0.1/',
+ 'https://127.0.0.1:80/', 'https://127.0.0.1:8080/',
+ ]
+ for s in localhost:
+ if uri.startswith(s):
+ return phenny.reply('Sorry, access forbidden.')
+
 try:
 redirects = 0
 while True: |
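Review bot: The `uri.startswith(s)` test against the twelve literal prefixes in `localhost` is a narrow filter: it does not cover other ports, other loopback or internal addresses, or a hostname that resolves to one, and since it runs once before the `while True:` redirect loop, a redirect target is presumably never checked. Checking the parsed host and its resolved address, and repeating that check for each new `uri` inside the loop, is more reliable than string prefixes; the sketch below assumes `urlparse` and `socket` are imported, which the hunk does not show. Separately, `phenny` is not among the parameters in the hunk header (`self, origin, match, args`), so unless it is a module-level name the `return phenny.reply(...)` line raises NameError instead of refusing. f_title starts and ends outside the hunk, so both points need confirming against the full function.

```python
# … unchanged: scheme prefixing and '#!' rewrite …
host = urlparse.urlparse(uri).hostname or ''
try:
    addr = socket.gethostbyname(host)
except socket.error:
    addr = ''  # unresolvable host: fail closed below
if not addr or host == 'localhost' or addr.startswith('127.'):
    # … unchanged: refusal reply …
# … unchanged: try / redirect loop; re-run the host check on every redirect target …
```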