diff --git a/Dockerfile b/Dockerfile index 43e7125..d5a0864 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.6.5-stretch +FROM python:3.7-bullseye # Env var to force update of the image. Increment for each time this is needed ENV CACHE_BUSTER_VAR=1 @@ -17,6 +17,7 @@ RUN mkdir -p /app/ssl && cd /app/ssl && \ # Set up gogo. ADD resources/requirements.txt /app/resources/requirements.txt +RUN pip install setuptools==45 RUN pip install -r /app/resources/requirements.txt && pip freeze ADD resources /app/resources/ diff --git a/resources/requirements.txt b/resources/requirements.txt index fbc97d5..004e892 100644 --- a/resources/requirements.txt +++ b/resources/requirements.txt @@ -25,5 +25,5 @@ s3transfer==0.1.11 six==1.10.0 SQLAlchemy==1.1.14 uritemplate==3.0.0 -urllib3==1.26.5 +urllib3==1.24.3 Werkzeug==0.15.3 diff --git a/src/gogo.py b/src/gogo.py index 4f449d0..a576f49 100644 --- a/src/gogo.py +++ b/src/gogo.py @@ -14,6 +14,17 @@ HTTPS_REDIRECT_URL = os.getenv("HTTPS_REDIRECT_URL", "https://localhost") +def _replace_placeholders(input_string, token_string): + placeholder_count = input_string.count("%s") + token_count = token_string.count("/") + 1 + if placeholder_count > token_count: + return None + + tokens = token_string.split("/", placeholder_count-1) + replaced_string = input_string.replace("%s", "{}").format(*tokens) + return replaced_string + + class DashboardView(BaseListView): template = "dashboard.html" 
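Review bot: The added `RUN pip install setuptools==45` pins a build tool to an old release with no comment explaining why, so a later maintainer cannot tell when the pin is safe to remove. Presumably it works around one of the pinned requirements failing to build under the setuptools shipped with the new base image; that is inferred, not shown in the diff. If so, record it above the line, e.g. `# setuptools pinned: <package> does not build with newer setuptools; drop once <package> is upgraded`. A pin that lives only in the Dockerfile is also invisible to tools that scan `resources/requirements.txt`, so listing it there as well would keep the dependency inventory complete.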
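Review bot: `urllib3==1.24.3` is a downgrade from `1.26.5`, and nothing in the diff says why the HTTP client library moves back to an older release line. Older releases do not carry fixes shipped in later ones, so check this pin against the project's dependency scanner or the urllib3 changelog before merging. If another pinned package forces the downgrade through a version constraint (the old `s3transfer` pin hints at an old AWS SDK, but that is inferred), upgrading that package is the better fix. Otherwise record the reason next to the pin, e.g. `# held at 1.24.x: <package> requires <constraint>`.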
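Review bot: `_replace_placeholders` builds the redirect target with `input_string.replace("%s", "{}").format(*tokens)`, so any literal `{` or `}` already present in a stored `secondary_url` is parsed as a format field. A stray brace raises `ValueError`, `IndexError` or `KeyError` (a 500 instead of a redirect), and a field using attribute or index syntax is resolved against the tokens rather than kept as text. Splitting the template on `%s` and interleaving the tokens gives the same result for brace-free templates without treating stored data as a format string. The helper also has no docstring; one sentence should state that it returns `None` when there are fewer `/`-separated tokens than placeholders and that surplus segments stay in the last slot. The `get` hunk in `src/gogo.py` relies on this helper for its 400 response, so the same failure mode applies there.

```python
def _replace_placeholders(input_string, token_string):
    pieces = input_string.split("%s")
    placeholder_count = len(pieces) - 1
    if placeholder_count == 0:
        return input_string
    if placeholder_count > token_string.count("/") + 1:
        return None

    tokens = token_string.split("/", placeholder_count - 1)
    # pieces has exactly one more element than tokens: interleave, then add the tail.
    filled = [piece + token for piece, token in zip(pieces, tokens)]
    return "".join(filled) + pieces[-1]
```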
@@ -159,15 +170,18 @@ def get(self, name): and shortcut.secondary_url and "%s" in shortcut.secondary_url ): + formatted_url = _replace_placeholders(str(shortcut.secondary_url), secondary_arg) + if not formatted_url: + flask.abort(400) + response = flask.make_response( - flask.redirect( - str(shortcut.secondary_url).replace("%s", secondary_arg) - ) + flask.redirect(formatted_url) ) else: response = flask.make_response( flask.redirect(str(shortcut.url), code=301) ) + response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate" return response
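Review bot: `secondary_arg` appears to come from the request and reaches `flask.redirect(formatted_url)` without percent-encoding, so characters such as `?`, `#` or `&` in a token alter the structure of the destination URL instead of staying inside the placeholder slot. The removed `.replace("%s", secondary_arg)` call had the same behaviour, but the new helper is a natural place to close it by quoting each token before substitution, e.g. `tokens = [urllib.parse.quote(t, safe="/") for t in tokens]`. That needs `import urllib.parse` if the module lacks it; the import block is outside this diff. Confirm first whether the framework has already decoded the path segment, so values are not double-encoded. `get` starts outside the hunk, so the check that `secondary_arg` is present is not visible here.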