chinwagsocial/app
David Leadbeater 69378eac99
Don't allow URLs that contain non-normalized paths to be verified (#20999)
* Don't allow URLs that contain non-normalized paths to be verified

This stops things like https://example.com/otheruser/../realuser where
"/otheruser" appears to be the verified URL, but the actual URL being
verified is "/realuser" due to the "/../".

Also fix a test to use 'https', so it is testing the right thing, now
that since #20304 https is required.

* missing do
2022-11-20 19:28:13 +01:00
..
chewy
controllers Fix form-action CSP directive for external login (#20962) 2022-11-17 22:59:07 +01:00
helpers Add Scots to the supported locales (#20283) 2022-11-10 21:11:38 +01:00
javascript
lib Fix emoji substitution not applying only to text nodes in backend code (#20641) 2022-11-14 20:26:21 +01:00
mailers Add support for language preferences for trending statuses and links (#18288) 2022-10-08 16:45:40 +02:00
models Don't allow URLs that contain non-normalized paths to be verified (#20999) 2022-11-20 19:28:13 +01:00
policies Fix getting a single EmailDomainBlock (#20846) 2022-11-17 10:55:50 +01:00
presenters
serializers
services Handle links with no href in VerifyLinkService (#20741) 2022-11-17 10:59:35 +01:00
validators
views
workers Change incoming activity processing to happen in ingress queue (#20264) 2022-11-10 14:21:51 +01:00