[fix] gnuboard#582 Open Redirect 검증 로직 우회 취약점 수정

Letm3through · Jun 9, 2024 · 4c94838 · 4c94838
1 parent fcd8dc7
commit 4c94838
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/lib/dependency/dependencies.py b/lib/dependency/dependencies.py
@@ -263,6 +263,7 @@ def validate_login_url(request: Request, url: str = Form(default="/")):
     allow_urls = []
 
     if (url
+            or url.startswith("//")
             and not url.startswith("/")
             and not url.startswith(str(request.base_url))
             and url not in allow_urls):