|
|
@@ -10,6 +10,7 @@ import (
|
|
|
"errors"
|
|
|
"log/slog"
|
|
|
"net/http"
|
|
|
+ "net/url"
|
|
|
"time"
|
|
|
|
|
|
"miniflux.app/v2/internal/config"
|
|
|
@@ -54,6 +55,27 @@ func (h *handler) mediaProxy(w http.ResponseWriter, r *http.Request) {
|
|
|
return
|
|
|
}
|
|
|
|
|
|
+ u, err := url.Parse(string(decodedURL))
|
|
|
+ if err != nil {
|
|
|
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
+ if u.Scheme != "http" && u.Scheme != "https" {
|
|
|
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
+ if u.Host == "" {
|
|
|
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
+ if !u.IsAbs() {
|
|
|
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
|
|
|
+ return
|
|
|
+ }
|
|
|
+
|
|
|
mediaURL := string(decodedURL)
|
|
|
slog.Debug("MediaProxy: Fetching remote resource",
|
|
|
slog.String("media_url", mediaURL),
|
Frédéric Guillot