Add quote protection for password containing it (#858 )

Co-authored-by: ilike2burnthing <59480337+ilike2burnthing@users.noreply.github.com>
Handle empty string and keys without value in postData. resolves #1548 (#1550 )
2026-04-26 09:55:35 +02:00 · 2025-10-01 06:46:08 +01:00 · 2025-10-01 04:56:57 +01:00
1 changed files with 6 additions and 4 deletions
--- a/src/flaresolverr_service.py
+++ b/src/flaresolverr_service.py
@@ -403,10 +403,10 @@ def _evil_logic(req: V1RequestBase, driver: WebDriver, method: str) -> Challenge

 def _post_request(req: V1RequestBase, driver: WebDriver):
    post_form = f'<form id="hackForm" action="{req.url}" method="POST">'
-    query_string = req.postData if req.postData[0] != '?' else req.postData[1:]
+    query_string = req.postData if req.postData and req.postData[0] != '?' else req.postData[1:] if req.postData else ''
    pairs = query_string.split('&')
    for pair in pairs:
-        parts = pair.split('=')
+        parts = pair.split('=', 1)
        # noinspection PyBroadException
        try:
            name = unquote(parts[0])
@@ -416,9 +416,11 @@ def _post_request(req: V1RequestBase, driver: WebDriver):
            continue
        # noinspection PyBroadException
        try:
-            value = unquote(parts[1])
+            value = unquote(parts[1]) if len(parts) > 1 else ''
        except Exception:
-            value = parts[1]
+            value = parts[1] if len(parts) > 1 else ''
+        # Protection of " character, for syntax
+        value=value.replace('"','&quot;')
        post_form += f'<input type="text" name="{escape(quote(name))}" value="{escape(quote(value))}"><br>'
    post_form += '</form>'
    html_content = f"""
Author	SHA1	Message	Date
Warrenberberd	d27f57c27c	Add quote protection for password containing it (#858 ) Co-authored-by: ilike2burnthing <59480337+ilike2burnthing@users.noreply.github.com>	2025-10-01 06:46:08 +01:00
eZ4RK0	a916d93779	Handle empty string and keys without value in postData. resolves #1548 (#1550 )	2025-10-01 04:56:57 +01:00