mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[5.0.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.

Browse Source 
Thanks to MProgrammer for the report.
This commit is contained in:
Sarah Boyce
2024-07-18 13:19:34 +02:00
parent 27900fe56f
commit 7b7b909579
4 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
django/utils/html.py
View File

@@ -408,7 +408,11 @@ class Urlizer:
trimmed_something = True
counts[closing] -= strip
rstripped = middle.rstrip(self.trailing_punctuation_chars_no_semicolon)
amp = middle.rfind("&")
if amp == -1:
rstripped = middle.rstrip(self.trailing_punctuation_chars)
else:
rstripped = middle.rstrip(self.trailing_punctuation_chars_no_semicolon)
if rstripped != middle:
trail = middle[len(rstripped) :] + trail
middle = rstripped
@@ -416,15 +420,9 @@ class Urlizer:
if self.trailing_punctuation_chars_has_semicolon and middle.endswith(";"):
# Only strip if not part of an HTML entity.
amp = middle.rfind("&")
if amp == -1:
can_strip = True
else:
potential_entity = middle[amp:]
escaped = html.unescape(potential_entity)
can_strip = (escaped == potential_entity) or escaped.endswith(";")
if can_strip:
potential_entity = middle[amp:]
escaped = html.unescape(potential_entity)
if escaped == potential_entity or escaped.endswith(";"):
rstripped = middle.rstrip(";")
amount_stripped = len(middle) - len(rstripped)
if amp > -1 and amount_stripped > 1: