Repository :
http://git.fedorahosted.org/cgit/copr.git
On branch : master
---------------------------------------------------------------
commit c8ec08a8bc6b04cdc751420dcaa790319dbf260c
Author: Ralph Bean <rbean(a)redhat.com>
Date: Fri May 2 19:42:01 2014 -0400
Use flask_openid safe_roots to mitigate Covert Redirect.
---------------------------------------------------------------
frontend/coprs_frontend/coprs/__init__.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/frontend/coprs_frontend/coprs/__init__.py
b/frontend/coprs_frontend/coprs/__init__.py
index d69a635..b057f26 100644
--- a/frontend/coprs_frontend/coprs/__init__.py
+++ b/frontend/coprs_frontend/coprs/__init__.py
@@ -21,7 +21,7 @@ else:
app.config.from_pyfile("/etc/copr/copr.conf", silent=True)
-oid = OpenID(app, app.config["OPENID_STORE"])
+oid = OpenID(app, app.config["OPENID_STORE"], safe_roots=[])
db = SQLAlchemy(app)
whooshee = Whooshee(app)