Matrix-Mirrors/pantalaimon
1
0
Fork 0
mirror of https://github.com/matrix-org/pantalaimon.git synced 2025-01-09 14:39:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(daemon): Don't use the raw path if we need to sanitize filters

Browse Source 
Using the raw path sabotages the filter sanitization.
This commit is contained in:
Damir Jelić 2022-02-02 14:41:18 +01:00
parent e5fb0b7f17
commit c89e87c22a
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pantalaimon/daemon.py
View File

@ -460,6 +460,7 @@ class ProxyDaemon:
data=None, # type: bytes data=None, # type: bytes
session=None, # type: aiohttp.ClientSession session=None, # type: aiohttp.ClientSession
token=None, # type: str token=None, # type: str
use_raw_path=True, # type: bool
): ):
# type: (...) -> aiohttp.ClientResponse # type: (...) -> aiohttp.ClientResponse
"""Forward the given request to our configured homeserver. """Forward the given request to our configured homeserver.
@ -474,6 +475,10 @@ class ProxyDaemon:
should be used to forward the request. should be used to forward the request.
token (str, optional): The access token that should be used for the token (str, optional): The access token that should be used for the
request. request.
use_raw_path (str, optional): Should the raw path be used from the
request or should we use the path and re-encode it. Some may need
their filters to be sanitized, this requires the parsed version of
the path, otherise we leave the path as is.
""" """
if not session: if not session:
if not self.default_session: if not self.default_session:
@ -482,7 +487,7 @@ class ProxyDaemon:
assert session assert session
path = request.raw_path path = request.raw_path if use_raw_path else urllib.parse.quote(request.path)
method = request.method method = request.method
headers = CIMultiDict(request.headers) headers = CIMultiDict(request.headers)
@ -761,7 +766,7 @@ class ProxyDaemon:
try: try:
response = await self.forward_request( response = await self.forward_request(
request, params=query, token=client.access_token request, params=query, token=client.access_token, use_raw_path=False
) )
except ClientConnectionError as e: except ClientConnectionError as e:
return web.Response(status=500, text=str(e)) return web.Response(status=500, text=str(e))
@ -809,7 +814,9 @@ class ProxyDaemon:
query["filter"] = request_filter query["filter"] = request_filter
try: try:
response = await self.forward_request(request, params=query) response = await self.forward_request(
request, params=query, use_raw_path=False
)
except ClientConnectionError as e: except ClientConnectionError as e:
return web.Response(status=500, text=str(e)) return web.Response(status=500, text=str(e))