
Showing content from https://github.com/django/django/commit/22bd17488159601bf0741b70ae7932bffea8eced below:

[3.1.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an … · django/django@22bd174 · GitHub

@@ -153,7 +153,11 @@ def __init__(self, regex, name=None, is_endpoint=False):

153 153

self.converters = {}

154 154 155 155

def match(self, path):

156 -

match = self.regex.search(path)

156 +

match = (

157 +

self.regex.fullmatch(path)

158 +

if self._is_endpoint and self.regex.pattern.endswith('$')

159 +

else self.regex.search(path)

160 +

)

157 161

if match:

158 162

# If there are any named groups, use those as kwargs, ignoring

159 163

# non-named groups. Otherwise, pass all non-named arguments as

@@ -240,7 +244,7 @@ def _route_to_regex(route, is_endpoint=False):

240 244

converters[parameter] = converter

241 245

parts.append('(?P<' + parameter + '>' + converter.regex + ')')

242 246

if is_endpoint:

243 -

parts.append('$')

247 +

parts.append(r'\Z')

244 248

return ''.join(parts), converters

245 249 246 250
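Review bot: In `match`, the switch to `fullmatch()` is gated on `self.regex.pattern.endswith('$')`, a textual test on the pattern string, so an endpoint pattern whose `$` is not the final character (inside a group, or in one arm of an alternation) still goes through `search()`, where `$` also matches just before a trailing newline. For those patterns the trailing-newline acceptance that the commit title describes as a potential bypass appears to remain. I would state that limit in a comment above the conditional, e.g. `# '$' also matches before a trailing '\n'; only patterns ending in '$' use fullmatch(), others should anchor with \Z`, and add a regression test for a pattern with `$` inside a group. Separately, for a pattern that ends in `$` but has no leading `^`, `fullmatch()` now requires the match to begin at the start of `path`; that is probably intended, but it is a behaviour change worth documenting. The body of `match` continues past the end of the hunk.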
