http_routing_safe_url/README.md
2026-05-11 13:08:46 +07:00

# HTTP Routing Safe URL
Prevent Odoo 19 from crashing when handling URLs containing dot segments (path traversal attempts).
## Problem
In Odoo 19, the utility `tools.urls.urljoin` was updated with strict validation that raises a `ValueError` if any path component contains a dot segment (`.` or `..`).
This causes a server-wide crash (500 Error) whenever a request hits a URL with these segments (e.g., bot probes like `example.com/../`), because the Odoo Website module tries to generate a canonical URL during error handling. Instead of a clean 404 page, the user sees a server error.
## Solution
This module patches `IrHttp._url_localized` to detect and resolve dot segments using `urllib.parse.urljoin` before they are passed to the strict Odoo utility. This allows Odoo to handle these requests gracefully (returning a 404) instead of crashing.
## Features
- Detects dot segments in URLs (including encoded variants like `%2e`).
- Resolves segments to a clean path (e.g., `/fr/../shop` becomes `/shop`).
- Prevents `ValueError: Dot segments are not allowed` tracebacks in logs.
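
The detect-and-resolve step listed above can be sketched as follows. This is an added example, not this module's code: the names `has_dot_segment`, `resolve_dot_segments` and the placeholder base URL are hypothetical, and it assumes the path is treated as absolute.

```python
import re
from urllib.parse import urljoin, urlsplit, urlunsplit

# One path segment that is "." or "..", each dot literal or percent-encoded.
_DOT_SEGMENT = re.compile(r"(?:^|/)(?:\.|%2e){1,2}(?=/|$)", re.IGNORECASE)
_ENCODED_DOT = re.compile(r"%2e", re.IGNORECASE)
# Constructed base; only used so urljoin has something to resolve against.
_BASE = "http://placeholder.invalid/"


def has_dot_segment(path):
    """True if any segment of `path` is '.' or '..' (literal or %2e-encoded)."""
    return bool(_DOT_SEGMENT.search(path))


def resolve_dot_segments(url):
    """Return `url` with dot segments removed from its path; other parts untouched."""
    parts = urlsplit(url)
    if not has_dot_segment(parts.path):
        return url
    # Decode %2e only inside dot segments, so escapes such as %2f or a
    # name like "v1%2e0" keep their original form.
    segments = [
        _ENCODED_DOT.sub(".", seg) if has_dot_segment(seg) else seg
        for seg in parts.path.split("/")
    ]
    # Force exactly one leading slash: urljoin would read "//x" as a host.
    path = "/" + "/".join(segments).lstrip("/")
    # urljoin applies RFC 3986 dot-segment removal and never climbs above "/".
    resolved = urlsplit(urljoin(_BASE, path)).path
    return urlunsplit(parts._replace(path=resolved))
```

Segments that merely start with a dot (such as `.git`) or contain three dots are left alone, since neither is a dot segment.
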
## Installation
1. Install this module in your Odoo 19 database.
2. No further configuration is required.