opensource/RSSHub
1
0
Fork 0
mirror of https://github.com/DIYgod/RSSHub.git synced 2025-12-05 20:27:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(route): invalid url (#11597)

Browse Source
This commit is contained in:
Tony
2023-01-11 08:57:32 -03:00
committed by GitHub
parent 2ebefe0c40
commit e2a57e4945
4 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/routes/gitlab/explore.js
View File

@@ -12,7 +12,7 @@ module.exports = async (ctx) => {
starred: 'Most stars',
all: 'All',
};
if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.includes(new URL(host).hostname)) {
if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.includes(new URL(`https://${host}/`).hostname)) {
ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
}

4
lib/v2/btzj/index.js
View File

@@ -5,12 +5,12 @@ const { parseDate } = require('@/utils/parse-date');
const { art } = require('@/utils/render');
const path = require('path');
const config = require('@/config').value;
const allowDomain = ['btbtt15.com'];
const allowDomain = ['2btjia.com', '88btbtt.com', 'btbtt15.com', 'btbtt20.com'];
module.exports = async (ctx) => {
let category = ctx.params.category ?? '';
let domain = ctx.query.domain ?? 'btbtt15.com';
if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(domain).hostname)) {
if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(`http://${domain}/`).hostname)) {
ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
}

2
lib/v2/javbus/index.js
View File

@@ -20,7 +20,7 @@ module.exports = async (ctx) => {
const rootUrl = `https://www.${domain}`;
const westernUrl = `https://www.${westernDomain}`;
if (!config.feature.allow_user_supply_unsafe_domain && (!allowDomain.includes(new URL(domain).hostname) || !allowDomain.includes(new URL(westernDomain).hostname))) {
if (!config.feature.allow_user_supply_unsafe_domain && (!allowDomain.includes(new URL(`https://${domain}/`).hostname) || !allowDomain.includes(new URL(`https://${westernDomain}/`).hostname))) {
ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
}

2
lib/v2/javdb/utils.js
View File

@@ -7,7 +7,7 @@ const allowDomain = ['javdb.com', 'javdb36.com', 'javdb007.com'];
module.exports = {
ProcessItems: async (ctx, currentUrl, title) => {
const domain = ctx.query.domain ?? 'javdb.com';
if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(domain).hostname)) {
if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(`https://${domain}/`).hostname)) {
ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
}