From 4d0005a4493e6d929352c7cada6820d9c1a79e8a Mon Sep 17 00:00:00 2001
From: Roman Karwacik <roman.karwacik@rwth-aachen.de>
Date: Wed, 15 Sep 2021 00:18:24 +0200
Subject: [PATCH] Fixed authentication bypass

---
 server.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server.py b/server.py
index 6f5d472..e8ddd0e 100644
--- a/server.py
+++ b/server.py
@@ -431,7 +431,8 @@ def auth(): #pylint: disable=too-many-branches
 		cookie = int(request.cookies['tracking'])
 	else:
 		cookie = random.getrandbits(8*8-1)
-	if url.endswith('jpg') or ismod():
+	url_path = urllib.parse.urlparse(url).path
+	if url_path.endswith('jpg') or ismod():
 		return "OK", 200
 	if url.startswith('pub/hls/'):
 		handle = url[len('pub/hls/'):].split('_')[0].split('.')[0]
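Review bot: The new check `if url_path.endswith('jpg') or ismod():` is still a bare suffix match, so any request whose path ends in the letters `jpg` is answered "OK" without authentication, whatever directory it is in and whether or not it is an image. Matching the extension with its dot, `if url_path.endswith('.jpg') or ismod():`, and ideally limiting the exemption to the directory that actually holds the public images, would narrow it. The branch below still tests the raw `url` (`url.startswith('pub/hls/')`) while this one tests the parsed path, so the function now judges two different views of the same request. Using `url_path` throughout would keep them consistent, provided the rest of auth(), which continues outside the hunk, does not need the query string. The hunk does not show `import urllib.parse`, so confirm server.py imports it, otherwise the new line fails at runtime.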
-- 
GitLab