[fix] update query params sanitization - closes #722

This commit is contained in:
Adam Tauber 2019-10-14 14:58:20 +02:00
parent 07a0a50e0d
commit 28c75c187f
1 changed files with 14 additions and 8 deletions

View File

@ -17,10 +17,10 @@ along with searx. If not, see < http://www.gnu.org/licenses/ >.
from flask_babel import gettext from flask_babel import gettext
import re import re
from searx.url_utils import urlunparse from searx.url_utils import urlunparse, parse_qsl, urlencode
regexes = {re.compile(r'utm_[^&]+&?'), regexes = {re.compile(r'utm_[^&]+'),
re.compile(r'(wkey|wemail)[^&]+&?'), re.compile(r'(wkey|wemail)[^&]*'),
re.compile(r'&$')} re.compile(r'&$')}
name = gettext('Tracker URL remover') name = gettext('Tracker URL remover')
@ -34,12 +34,18 @@ def on_result(request, search, result):
if query == "": if query == "":
return True return True
parsed_query = parse_qsl(query)
for reg in regexes: changed = False
query = reg.sub('', query) for i,(param_name,_) in enumerate(list(parsed_query)):
for reg in regexes:
if reg.match(param_name):
parsed_query.pop(i)
changed = True
break
if query != result['parsed_url'].query: if changed:
result['parsed_url'] = result['parsed_url']._replace(query=query) result['parsed_url'] = result['parsed_url']._replace(query=urlencode(parsed_query))
result['url'] = urlunparse(result['parsed_url']) result['url'] = urlunparse(result['parsed_url'])
return True return True