mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-20 13:50:12 +01:00
sanitize mirror URLs to prevent path segments from being removed
urllib.parse.urljoin() will strip off the last path segment before joining if that last path segment does not end with /. That's a "feature" to make it easy to replace file names. Here it was stripping off the essential 'fdroid' segment, making URLs like: https://foo.com/repo when they should be https://foo.com/fdroid/repo
This commit is contained in:
parent
1c49c3af1d
commit
a6a8d34528
@ -895,11 +895,17 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
|
||||
repoel = doc.createElement("repo")
|
||||
|
||||
mirrorcheckfailed = False
|
||||
mirrors = []
|
||||
for mirror in config.get('mirrors', []):
|
||||
base = os.path.basename(urllib.parse.urlparse(mirror).path.rstrip('/'))
|
||||
if config.get('nonstandardwebroot') is not True and base != 'fdroid':
|
||||
logging.error("mirror '" + mirror + "' does not end with 'fdroid'!")
|
||||
mirrorcheckfailed = True
|
||||
# must end with / or urljoin strips a whole path segment
|
||||
if mirror.endswith('/'):
|
||||
mirrors.append(mirror)
|
||||
else:
|
||||
mirrors.append(mirror + '/')
|
||||
if mirrorcheckfailed:
|
||||
sys.exit(1)
|
||||
|
||||
@ -911,7 +917,7 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
|
||||
repoel.setAttribute("url", config['archive_url'])
|
||||
addElement('description', config['archive_description'], doc, repoel)
|
||||
urlbasepath = os.path.basename(urllib.parse.urlparse(config['archive_url']).path)
|
||||
for mirror in config.get('mirrors', []):
|
||||
for mirror in mirrors:
|
||||
addElement('mirror', urllib.parse.urljoin(mirror, urlbasepath), doc, repoel)
|
||||
|
||||
else:
|
||||
@ -922,7 +928,7 @@ def make_index(apps, sortedids, apks, repodir, archive, categories):
|
||||
repoel.setAttribute("url", config['repo_url'])
|
||||
addElement('description', config['repo_description'], doc, repoel)
|
||||
urlbasepath = os.path.basename(urllib.parse.urlparse(config['repo_url']).path)
|
||||
for mirror in config.get('mirrors', []):
|
||||
for mirror in mirrors:
|
||||
addElement('mirror', urllib.parse.urljoin(mirror, urlbasepath), doc, repoel)
|
||||
|
||||
repoel.setAttribute("version", str(METADATA_VERSION))
|
||||
|
Loading…
Reference in New Issue
Block a user