Merge pull request #80 from pinterest/quoteurls

Quote url to fix equal sign breaking outlook clients
This commit is contained in:
Nicholas Charriere 2018-05-07 08:59:31 -07:00 committed by GitHub
commit 68b4cec5e8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -8,6 +8,8 @@ import redis
from cryptography.fernet import Fernet from cryptography.fernet import Fernet
from flask import abort, Flask, render_template, request from flask import abort, Flask, render_template, request
from redis.exceptions import ConnectionError from redis.exceptions import ConnectionError
from werkzeug.urls import url_quote_plus
from werkzeug.urls import url_unquote_plus
SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot', SNEAKY_USER_AGENTS = ('Slackbot', 'facebookexternalhit', 'Twitterbot',
@ -165,7 +167,7 @@ def handle_password():
base_url = request.url_root base_url = request.url_root
else: else:
base_url = request.url_root.replace("http://", "https://") base_url = request.url_root.replace("http://", "https://")
link = base_url + token link = base_url + url_quote_plus(token)
return render_template('confirm.html', password_link=link) return render_template('confirm.html', password_link=link)
@ -173,6 +175,7 @@ def handle_password():
def show_password(password_key): def show_password(password_key):
if not request_is_valid(request): if not request_is_valid(request):
abort(404) abort(404)
password_key = url_unquote_plus(password_key)
password = get_password(password_key) password = get_password(password_key)
if not password: if not password:
abort(404) abort(404)