From 5a0beb1a7513692fe60480185ba42bf2db010c04 Mon Sep 17 00:00:00 2001 From: Nicholas Charriere Date: Sun, 6 May 2018 14:55:18 -0700 Subject: [PATCH 1/3] Quote url to fix equal sign breaking outlook clients --- snappass/main.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/snappass/main.py b/snappass/main.py index 15de24e..9a51308 100644 --- a/snappass/main.py +++ b/snappass/main.py @@ -1,6 +1,7 @@ import os import re import sys +import urllib import uuid import redis @@ -165,7 +166,7 @@ def handle_password(): base_url = request.url_root else: base_url = request.url_root.replace("http://", "https://") - link = base_url + token + link = base_url + urllib.quote(token) return render_template('confirm.html', password_link=link) @@ -173,6 +174,7 @@ def handle_password(): def show_password(password_key): if not request_is_valid(request): abort(404) + password_key = urllib.unquote(password_key) password = get_password(password_key) if not password: abort(404) From 9e7ca474cd82dd68e363587e4d43f2442cbae297 Mon Sep 17 00:00:00 2001 From: Nicholas Charriere Date: Sun, 6 May 2018 15:07:01 -0700 Subject: [PATCH 2/3] py2 and py3 support --- snappass/main.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/snappass/main.py b/snappass/main.py index 9a51308..204090c 100644 --- a/snappass/main.py +++ b/snappass/main.py @@ -1,7 +1,11 @@ import os import re import sys -import urllib +# Support python2 and python3 quote import +try: + from urllib import quote, unquote +except ImportError: + from urllib.parse import quote, unquote import uuid import redis @@ -166,7 +170,7 @@ def handle_password(): base_url = request.url_root else: base_url = request.url_root.replace("http://", "https://") - link = base_url + urllib.quote(token) + link = base_url + quote(token) return render_template('confirm.html', password_link=link) @@ -174,7 +178,7 @@ def handle_password(): def show_password(password_key): if not request_is_valid(request): abort(404) - password_key = urllib.unquote(password_key) + password_key = unquote(password_key) password = get_password(password_key) if not password: abort(404) From 13f294cae5e1f30e4f6c4fa6ce6c356d2bdcb236 Mon Sep 17 00:00:00 2001 From: Nicholas Charriere Date: Mon, 7 May 2018 08:21:07 -0700 Subject: [PATCH 3/3] Use werkzeug quote/unquote functions instead of urllib --- snappass/main.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/snappass/main.py b/snappass/main.py index 204090c..5cc3b77 100644 --- a/snappass/main.py +++ b/snappass/main.py @@ -1,11 +1,6 @@ import os import re import sys -# Support python2 and python3 quote import -try: - from urllib import quote, unquote -except ImportError: - from urllib.parse import quote, unquote import uuid import redis @@ -13,6 +8,8 @@ import redis from cryptography.fernet import Fernet from flask import abort, Flask, render_template, request from redis.exceptions import ConnectionError +from werkzeug.urls import url_quote_plus +from werkzeug.urls import url_unquote_plus SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot', @@ -170,7 +167,7 @@ def handle_password(): base_url = request.url_root else: base_url = request.url_root.replace("http://", "https://") - link = base_url + quote(token) + link = base_url + url_quote_plus(token) return render_template('confirm.html', password_link=link) @@ -178,7 +175,7 @@ def handle_password(): def show_password(password_key): if not request_is_valid(request): abort(404) - password_key = unquote(password_key) + password_key = url_unquote_plus(password_key) password = get_password(password_key) if not password: abort(404)