web: Fix an open redirect in StaticFileHandler
Under some configurations the default_filename redirect could be exploited to redirect to an attacker-controlled site. This change refuses to redirect to URLs that could be misinterpreted. A test case for the specific vulnerable configuration will follow after the patch has been available.
Showing
想要评论请 注册 或 登录