Corrects a default HTTP redirect rule:

A redirect should not be carried out if credentials are embedded in the URL. Fixes #826
2026-01-06 06:29:03 +00:00 · 2017-04-19 18:30:13 +00:00
parent 256378df5c
commit 17c37b7e8d
1 changed files with 1 additions and 1 deletions
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1479,7 +1479,7 @@ local redirect_ok_rules = {
  -- Check if there's any credentials in the url
  function (url, host, port)
    -- bail if userinfo is present
-    return ( url.userinfo and false ) or true
+    return not url.userinfo
  end,

  -- Check if the location is within the domain or host