From 4011a113ccc1241b60f607ce76db982625f7b9b1 Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Sun, 15 Mar 2020 17:37:51 -0400
Subject: [PATCH] Strip invalid characters from referer URLs
---
 src/invidious/helpers/utils.cr | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/invidious/helpers/utils.cr b/src/invidious/helpers/utils.cr
index 7c5edc5ca..a0a619fa6 100644
--- a/src/invidious/helpers/utils.cr
+++ b/src/invidious/helpers/utils.cr
@@ -316,7 +316,7 @@ def get_referer(env, fallback = "/", unroll = true)
 end
 referer = referer.full_path
- referer = "/" + referer.lstrip("/\\")
+ referer = "/" + referer.gsub(/[^\/?@&%=\-_.0-9a-zA-Z]/, "").lstrip("/\\")
 if referer == env.request.path
 referer = fallback
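Review bot: The allow-list in the new `gsub` has no `+`, so a referer whose query string uses `+` for spaces (for example a search query) comes back with the words joined rather than being rejected. Silently rewriting the value is harder to reason about than refusing it; either add the character, `referer.gsub(/[^\/?@&%=\-_.+0-9a-zA-Z]/, "")`, or return `fallback` when any character outside the class is present. The filter runs on the still-encoded string and keeps `%`, so percent-encoded backslashes or control characters pass through unchanged; if any caller decodes the result before using it as a redirect target (not visible here), the leading-slash check should be repeated after decoding. A one-line comment such as `# allow-list: keeps the referer a same-origin relative path` would record why the class is this narrow. The body of `get_referer` starts and ends outside this hunk.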