mirror of
https://github.com/searxng/searxng
synced 2024-01-01 18:24:07 +00:00
[fix] use hmac.compare_digest instead of ==
see https://docs.python.org/3/library/hmac.html#hmac.HMAC.hexdigest
parent
c6922ae7c5
commit
d784870209
@ -1067,8 +1067,9 @@ def image_proxy():
|
|||||||
if not url:
|
if not url:
|
||||||
return '', 400
|
return '', 400
|
||||||
|
|
||||||
h = new_hmac(settings['server']['secret_key'], url.encode())
|
h_url = new_hmac(settings['server']['secret_key'], url.encode())
|
||||||
if h != request.args.get('h'):
|
h_args = request.args.get('h')
|
||||||
|
if len(h_url) != len(h_args) or not hmac.compare_digest(h_url, h_args):
|
||||||
return '', 400
|
return '', 400
|
||||||
|
|
||||||
maximum_size = 5 * 1024 * 1024
|
maximum_size = 5 * 1024 * 1024
|
||||||
|
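Review bot: `request.args.get('h')` returns None when the `h` parameter is absent, so `len(h_args)` in the new condition raises TypeError and the request ends in an unhandled exception instead of the `400` that the old `h != request.args.get('h')` comparison produced. Defaulting the value restores that behaviour: `h_args = request.args.get('h', '')`. `hmac.compare_digest` also raises TypeError when a str argument contains non-ASCII characters, so comparing bytes is safer for a client-supplied value: `if not hmac.compare_digest(h_url.encode(), h_args.encode()):`. The explicit length check can then be dropped, since the digest length is not secret. This assumes new_hmac returns a hex string, which the hunk does not show; image_proxy starts and ends outside the hunk.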