chinwagsocial

History

David Leadbeater 69378eac99 Don't allow URLs that contain non-normalized paths to be verified (#20999 ) * Don't allow URLs that contain non-normalized paths to be verified This stops things like https://example.com/otheruser/../realuser where "/otheruser" appears to be the verified URL, but the actual URL being verified is "/realuser" due to the "/../". Also fix a test to use 'https', so it is testing the right thing, now that since #20304 https is required. * missing do	2022-11-20 19:28:13 +01:00
..
field_spec.rb	Don't allow URLs that contain non-normalized paths to be verified (#20999 )	2022-11-20 19:28:13 +01:00

David Leadbeater 69378eac99

Don't allow URLs that contain non-normalized paths to be verified (#20999 )

* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.

* missing do

2022-11-20 19:28:13 +01:00

field_spec.rb

Don't allow URLs that contain non-normalized paths to be verified (#20999 )

2022-11-20 19:28:13 +01:00