add more URL validation

Turns out ShareX users and shell script authors are fucking retarded.
This commit is contained in:
Martin Herkt 2017-01-01 21:03:38 +01:00
parent 6bc7690711
commit 714de58180
No known key found for this signature in database
GPG key ID: C24B9CD04DC6AE7F

View file

@ -107,7 +107,7 @@ def shorten(url):
if len(url) > app.config["MAX_URL_LENGTH"]:
abort(414)
if not url_valid(url) or is_fhost_url(url):
if not url_valid(url) or is_fhost_url(url) or "\n" in url:
abort(400)
existing = URL.query.filter_by(url=url).first()