From 5e2ad34864cf5e0105a4443e3a99d2fa5fe98d27 Mon Sep 17 00:00:00 2001
From: jxxghp
Date: Sun, 9 Feb 2025 22:08:21 +0800
Subject: [PATCH] fix is_safe_url

---
 app/utils/security.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/utils/security.py b/app/utils/security.py
index f73679150..c002adce8 100644
--- a/app/utils/security.py
+++ b/app/utils/security.py
@@ -65,6 +65,7 @@ def is_safe_url(url: str, allowed_domains: Union[Set[str], List[str]], strict: b
 netloc = parsed_url.netloc.lower()
 if not netloc:
 return False
+ netloc_no_port = netloc.split(":")[0]
 # 检查每个允许的域名
 allowed_domains = {d.lower() for d in allowed_domains}
@@ -78,7 +79,7 @@ def is_safe_url(url: str, allowed_domains: Union[Set[str], List[str]], strict: b
 return True
 else:
 # 非严格模式下,允许子域名匹配
- if netloc == allowed_netloc or netloc.endswith('.' + allowed_netloc):
+ if netloc_no_port == allowed_netloc or netloc_no_port.endswith('.' + allowed_netloc):
 return True
 return False
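Review bot: `netloc_no_port = netloc.split(":")[0]` in the first hunk does not isolate the host: a netloc that carries userinfo (`user:pw@host`) or an IPv6 literal (`[::1]:8080`) yields the username or `[` rather than the host, so the relaxed comparison in the second hunk is made against the wrong component and the allow-list check can pass or fail on the wrong name. The stdlib already does this parsing correctly; `netloc_no_port = parsed_url.hostname or ""` strips userinfo, port and IPv6 brackets and is already lowercased, and the `parsed_url.hostname is None` case collapses to `""`, which matches nothing. Both hunks sit inside is_safe_url, whose signature and strict-mode branch lie outside them; if the strict branch still compares the full `netloc`, it presumably deserves the same hostname-based value so both modes agree on what "the host" is.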