tedkulp/nitter
1
0
Fork 0
mirror of https://github.com/zedeus/nitter.git synced 2026-03-05 13:30:19 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix /pic/ exploit

Browse Source
This commit is contained in:
Zed
2026-02-06 20:32:44 +01:00
parent a45227b883
commit 33dd9b6668
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/media.nim
View File

@@ -93,6 +93,8 @@ proc createMediaRouter*(cfg: Config) =
get re"^\/pic\/orig\/(enc)?\/?(.+)": get re"^\/pic\/orig\/(enc)?\/?(.+)":
var url = decoded(request, 1) var url = decoded(request, 1)
cond "amplify_video" notin url
if "twimg.com" notin url: if "twimg.com" notin url:
url.insert(twimg) url.insert(twimg)
if not url.startsWith(https): if not url.startsWith(https):
@@ -107,6 +109,8 @@ proc createMediaRouter*(cfg: Config) =
get re"^\/pic\/(enc)?\/?(.+)": get re"^\/pic\/(enc)?\/?(.+)":
var url = decoded(request, 1) var url = decoded(request, 1)
cond "amplify_video" notin url
if "twimg.com" notin url: if "twimg.com" notin url:
url.insert(twimg) url.insert(twimg)
if not url.startsWith(https): if not url.startsWith(https):