update is_safe_url()

pyload · Jan 24, 2023 · 3eeecf5 · 3eeecf5
1 parent 9c233f6
commit 3eeecf5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/pyload/webui/app/helpers.py b/src/pyload/webui/app/helpers.py
@@ -21,7 +21,7 @@ def default(self, obj):
 def is_safe_url(location):
     ref_url = urlparse(flask.request.host_url)
     test_url = urlparse(urljoin(flask.request.host_url, location))
-    return ref_url.netloc == test_url.netloc
+    return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
 
 
 def get_redirect_url(fallback=None):