From b0a5a53b0950623ca20b767cb0dc6430eb796098 Mon Sep 17 00:00:00 2001 From: Noah Petherbridge Date: Fri, 5 Dec 2014 01:54:32 +0000 Subject: [PATCH] Don't allow trailing slashes on catchall routes --- rophako/app.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rophako/app.py b/rophako/app.py index 597c281..45849d0 100644 --- a/rophako/app.py +++ b/rophako/app.py @@ -2,7 +2,8 @@ """Flask app for Rophako.""" -from flask import Flask, g, request, session, render_template, send_file, abort +from flask import (Flask, g, request, session, render_template, send_file, + abort, redirect) from flask_sslify import SSLify import jinja2 import os.path @@ -128,6 +129,10 @@ def catchall(path): """The catch-all path handler. If it exists in the www folders, it's sent, otherwise we give the 404 error page.""" + if path.endswith("/"): + path = path.strip("/") # Remove trailing slashes. + return redirect(path) + # Search for this file. for root in [Config.site.site_root, "rophako/www"]: abspath = os.path.abspath("{}/{}".format(root, path))