From d8a6acda96fe1ca28f31c965cfc25a482d5ca6ee Mon Sep 17 00:00:00 2001 From: kolaente Date: Sun, 31 May 2020 22:36:25 +0200 Subject: [PATCH] Fix proxying unsplash images (security) --- pkg/modules/background/unsplash/proxy.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/modules/background/unsplash/proxy.go b/pkg/modules/background/unsplash/proxy.go index 64738958..9c60c38b 100644 --- a/pkg/modules/background/unsplash/proxy.go +++ b/pkg/modules/background/unsplash/proxy.go @@ -20,10 +20,12 @@ import ( "code.vikunja.io/web/handler" "github.com/labstack/echo/v4" "net/http" + "strings" ) func unsplashImage(url string, c echo.Context) error { - resp, err := http.Get(url) + // Replacing and appending the url for security reasons + resp, err := http.Get("https://images.unsplash.com/" + strings.Replace(url, "https://images.unsplash.com/", "", 1)) if err != nil { return err }