From 1c2efc88da2069684a670d5b2159e4db4b4c11d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Fri, 4 Jan 2019 11:56:29 +0100
Subject: [PATCH] fix: sanitize ipasn_history proxy

---
 website/web/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/web/__init__.py b/website/web/__init__.py
index 2da8ea8..0171dd4 100644
--- a/website/web/__init__.py
+++ b/website/web/__init__.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
+from urllib.parse import urljoin
 try:
     import simplejson as json
 except ImportError:
@@ -78,8 +79,7 @@ def ipasn_history_proxy(path):
     config, general_config_file = load_general_config()
     if 'ipasnhistory_url' not in config:
         raise MissingConfigEntry(f'"ipasnhistory_url" is missing in {general_config_file}.')
-    full_path_to_proxy = request.full_path.replace('/ipasn_history/', '')
-    proxied_url = f'{config["ipasnhistory_url"]}{full_path_to_proxy}'
+    proxied_url = urljoin(config['ipasnhistory_url'], request.full_path.replace('/ipasn_history', ''))
     if request.method in ['GET', 'HEAD']:
         to_return = requests.get(proxied_url).json()
     elif request.method == 'POST':