Fix proxying unsplash images (security)

This commit is contained in:
kolaente 2020-05-31 22:36:25 +02:00
parent 03ef48a0ae
commit d8a6acda96
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B

View file

@ -20,10 +20,12 @@ import (
"code.vikunja.io/web/handler" "code.vikunja.io/web/handler"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
"net/http" "net/http"
"strings"
) )
func unsplashImage(url string, c echo.Context) error { func unsplashImage(url string, c echo.Context) error {
resp, err := http.Get(url) // Replacing and appending the url for security reasons
resp, err := http.Get("https://images.unsplash.com/" + strings.Replace(url, "https://images.unsplash.com/", "", 1))
if err != nil { if err != nil {
return err return err
} }