You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One of the default HTTP redirect checks, located here, is presumably to prevent a redirect if credentials are embedded in the URL:
-- Check if there's any credentials in the urlfunction (url, host, port)
-- bail if userinfo is presentreturn ( url.userinfoandfalse ) ortrueend,
The return expression is patently broken as it always returns true:
$ lua
Lua 5.3.4 Copyright (C) 1994-2017 Lua.org, PUC-Rio
> url={userinfo="whatever"}
> print((url.userinfo and false) or true)
true
> url.userinfo=nil
> print((url.userinfo and false) or true)
true
The following patch resolves the issue:
--- a/nselib/http.lua+++ b/nselib/http.lua@@ -1479,7 +1479,7 @@
-- Check if there's any credentials in the url
function (url, host, port)
-- bail if userinfo is present
- return ( url.userinfo and false ) or true+ return not url.userinfo
end,
-- Check if the location is within the domain or host
Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.
The text was updated successfully, but these errors were encountered:
One of the default HTTP redirect checks, located here, is presumably to prevent a redirect if credentials are embedded in the URL:
The return expression is patently broken as it always returns true:
The following patch resolves the issue:
Please let me know if you have any questions or concerns. Otherwise I will commit the patch in a few weeks.
The text was updated successfully, but these errors were encountered: