niqdev / packtpub-crawler

Download your daily free Packt Publishing eBook https://www.packtpub.com/packt/offers/free-learning
MIT License
755 stars, 178 forks

Check if URL is from packtpub #46

Closed juzim closed 7 years ago

juzim commented 7 years ago

If someone (maybe in a fork) creates a page with the same DOM as packtpub and supplies a newsletter URL that points there, he could make the script download malicious or spammy PDFs without the user's knowledge. So it's better to check if the provided URL actually points to packtpub.

lucymhdavies commented 7 years ago

Presumably if a user creates such a malicious fork, they would also remove this safety check?

juzim commented 7 years ago

Sure, but you would see the change in the source. Right now it's just a hidden security hole that every user has to find themselves. Also the check accepts any URL with http as a valid packtpub URL, which is just plain wrong.
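The kind of check this thread asks for, as an added example that is not code from the packtpub-crawler repository or from the v2.2.4 fix. The thread does not show the project's original check, only that anything containing "http" passed, so `weak_is_packtpub_url` below merely reconstructs that behaviour as the insecure "before". The hardened version parses the URL and trusts only `packtpub.com` and its subdomains over https; the trusted domain, the https requirement and the sample newsletter links are assumptions made for this example.

```python
from urllib.parse import urlparse

# Assumption for this example: the only domain the crawler should ever be sent
# to by the newsletter is packtpub.com (or a subdomain of it).
TRUSTED_DOMAIN = "packtpub.com"


def weak_is_packtpub_url(url: str) -> bool:
    """Reconstruction of the behaviour described in the thread (any string
    containing 'http' is treated as a packtpub URL). Insecure; NOT the
    project's actual code."""
    return "http" in url


def is_packtpub_url(url: str, trusted_domain: str = TRUSTED_DOMAIN) -> bool:
    """Accept only absolute https URLs whose hostname is trusted_domain or a
    subdomain of it. Rejects other schemes, scheme-relative URLs, lookalike
    hosts (evilpacktpub.com, packtpub.com.evil.example) and userinfo tricks."""
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    if parts.scheme != "https":  # assumption: plain http is not accepted
        return False
    if parts.username is not None or parts.password is not None:
        # "https://www.packtpub.com@evil.example/" parses with hostname
        # evil.example anyway, but userinfo has no place in a newsletter link.
        return False
    host = parts.hostname  # lowercased, with port and userinfo removed
    if not host:
        return False
    return host == trusted_domain or host.endswith("." + trusted_domain)


def filter_newsletter_links(links):
    """Return only the links the crawler may follow, in their original order."""
    return [link for link in links if is_packtpub_url(link)]


# Constructed sample: what a newsletter scraper might extract from an email.
SAMPLE_LINKS = [
    "https://www.packtpub.com/packt/offers/free-learning",
    "https://WWW.PacktPub.com/packt/offers/free-learning",
    "http://www.packtpub.com/packt/offers/free-learning",
    "https://www.packtpub.com@evil.example/free-learning",
    "https://packtpub.com.evil.example/free-learning",
    "https://evilpacktpub.com/free-learning",
    "//www.packtpub.com/free-learning",
    "http://evil.example/spam.pdf",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"weak={weak_is_packtpub_url(link)!s:5} strict={is_packtpub_url(link)!s:5} {link}")
```

The strict check only vets the link the crawler starts from. If the download is fetched with `requests`, redirects are followed by default, so the target can still hop to another host; either pass `allow_redirects=False` and validate each `Location` with the same function, or check `response.url` after the request completes.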

lucymhdavies commented 7 years ago

Ah. It's the newsletter. Yeah, that makes sense then.

niqdev commented 7 years ago

New tag: v2.2.4