mirror of
https://github.com/SickGear/SickGear.git
synced 2024-11-15 01:15:05 +00:00
Merge branch 'feature/UpdateTornado' into dev
This commit is contained in:
commit
8ac3d82c12
3 changed files with 13 additions and 3 deletions
|
@ -12,7 +12,7 @@
|
||||||
* Update Requests library 2.28.1 (ec553c2) to 2.29.0 (87d63de)
|
* Update Requests library 2.28.1 (ec553c2) to 2.29.0 (87d63de)
|
||||||
* Update Send2Trash 1.8.1b0 (0ef9b32) to 1.8.2 (0244f53)
|
* Update Send2Trash 1.8.1b0 (0ef9b32) to 1.8.2 (0244f53)
|
||||||
* Update SimpleJSON 3.18.1 (c891b95) to 3.19.1 (aeb63ee)
|
* Update SimpleJSON 3.18.1 (c891b95) to 3.19.1 (aeb63ee)
|
||||||
* Update Tornado Web Server 6.3.0 (7186b86) to 6.3.1 (419838b)
|
* Update Tornado Web Server 6.3.0 (7186b86) to 6.3.2 (e3aa6c5)
|
||||||
* Update urllib3 1.26.14 (a06c05c) to 1.26.15 (25cca389)
|
* Update urllib3 1.26.14 (a06c05c) to 1.26.15 (25cca389)
|
||||||
* Change allow rapidfuzz update from 2.x.x to 3.x.x
|
* Change allow rapidfuzz update from 2.x.x to 3.x.x
|
||||||
* Change remove redundant py2 import futures
|
* Change remove redundant py2 import futures
|
||||||
|
@ -30,6 +30,7 @@
|
||||||
[develop changelog]
|
[develop changelog]
|
||||||
|
|
||||||
* Update filelock 3.9.0 (ce3e891) to 3.11.0 (d3241b9)
|
* Update filelock 3.9.0 (ce3e891) to 3.11.0 (d3241b9)
|
||||||
|
* Update Tornado Web Server 6.3.1 (419838b) to 6.3.2 (e3aa6c5)
|
||||||
* Fix tv test to init recently added ReleaseMap to scene_exceptions refactor
|
* Fix tv test to init recently added ReleaseMap to scene_exceptions refactor
|
||||||
* Fix double use of var `result` overwrites the return value and causes an error in _parse_custom_exceptions
|
* Fix double use of var `result` overwrites the return value and causes an error in _parse_custom_exceptions
|
||||||
* Fix name_parser_tests and webapi_tests
|
* Fix name_parser_tests and webapi_tests
|
||||||
|
|
|
@ -22,8 +22,8 @@
|
||||||
# is zero for an official release, positive for a development branch,
|
# is zero for an official release, positive for a development branch,
|
||||||
# or negative for a release candidate or beta (after the base version
|
# or negative for a release candidate or beta (after the base version
|
||||||
# number has been incremented)
|
# number has been incremented)
|
||||||
version = "6.3.1"
|
version = "6.3.2"
|
||||||
version_info = (6, 3, 1, 0)
|
version_info = (6, 3, 2, 0)
|
||||||
|
|
||||||
import importlib
|
import importlib
|
||||||
import typing
|
import typing
|
||||||
|
|
|
@ -2879,6 +2879,15 @@ class StaticFileHandler(RequestHandler):
|
||||||
# but there is some prefix to the path that was already
|
# but there is some prefix to the path that was already
|
||||||
# trimmed by the routing
|
# trimmed by the routing
|
||||||
if not self.request.path.endswith("/"):
|
if not self.request.path.endswith("/"):
|
||||||
|
if self.request.path.startswith("//"):
|
||||||
|
# A redirect with two initial slashes is a "protocol-relative" URL.
|
||||||
|
# This means the next path segment is treated as a hostname instead
|
||||||
|
# of a part of the path, making this effectively an open redirect.
|
||||||
|
# Reject paths starting with two slashes to prevent this.
|
||||||
|
# This is only reachable under certain configurations.
|
||||||
|
raise HTTPError(
|
||||||
|
403, "cannot redirect path with two initial slashes"
|
||||||
|
)
|
||||||
self.redirect(self.request.path + "/", permanent=True)
|
self.redirect(self.request.path + "/", permanent=True)
|
||||||
return None
|
return None
|
||||||
absolute_path = os.path.join(absolute_path, self.default_filename)
|
absolute_path = os.path.join(absolute_path, self.default_filename)
|
||||||
|
|
Loading…
Reference in a new issue