From 75cda15ea4ee0b2608d9f07cae718db4e1df8c45 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Wed, 6 Aug 2014 12:39:48 -0700 Subject: [PATCH 1/2] fix self-redirect check with relative urls in Location --- pywb/webapp/replay_views.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pywb/webapp/replay_views.py b/pywb/webapp/replay_views.py index 9f32ad5d..6572419f 100644 --- a/pywb/webapp/replay_views.py +++ b/pywb/webapp/replay_views.py @@ -1,5 +1,6 @@ import re from io import BytesIO +from urlparse import urlsplit from pywb.utils.statusandheaders import StatusAndHeaders from pywb.utils.wbexception import WbException, NotFoundException @@ -224,6 +225,9 @@ class ReplayView(object): return location_url = location_url.lower() + if location_url.startswith('/'): + host = urlsplit(cdx['original']).netloc + location_url = host + location_url if (ReplayView.strip_scheme(request_url) == ReplayView.strip_scheme(location_url)): From 501c942a6f181e96454343f0eaf19d4613319e70 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Wed, 6 Aug 2014 13:19:52 -0700 Subject: [PATCH 2/2] tests: add test for rel self-redirect --- tests/test_integration.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/test_integration.py b/tests/test_integration.py index 8c9ee900..789bb3dc 100644 --- a/tests/test_integration.py +++ b/tests/test_integration.py @@ -241,6 +241,11 @@ class TestWb: assert resp.status_int == 200 assert resp.content_type == 'text/css' + def test_rel_self_redirect(self): + uri = '/pywb/20140126200927mp_/http://www.iana.org/domains/root/db' + resp = self.testapp.get(uri, status=302) + assert resp.status_int == 302 + assert resp.headers['Location'].endswith('/pywb/20140126200928mp_/http://www.iana.org/domains/root/db') def test_referrer_self_redirect(self): uri = '/pywb/20140127171239mp_/http://www.iana.org/_css/2013.1/screen.css'