admin.suherdy/http_routing_safe_url
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f63dfd6c09
http_routing_safe_url/README.md
Suherdy Yacob f63dfd6c09 first commit
2026-05-11 13:08:46 +07:00

1.2 KiB
Raw Blame History

HTTP Routing Safe URL

Prevent Odoo 19 from crashing when handling URLs containing dot segments (path traversal attempts).

Problem

In Odoo 19, the utility tools.urls.urljoin was updated with strict validation that raises a ValueError if any path component contains a dot segment (. or ..).

This causes a server-wide crash (500 Error) whenever a request hits a URL with these segments (e.g., bot probes like example.com/../), because the Odoo Website module tries to generate a canonical URL during error handling. Instead of a clean 404 page, the user sees a server error.

Solution

This module patches IrHttp._url_localized to detect and resolve dot segments using urllib.parse.urljoin before they are passed to the strict Odoo utility. This allows Odoo to handle these requests gracefully (returning a 404) instead of crashing.

Features

  • Detects dot segments in URLs (including encoded variants like %2e).
  • Resolves segments to a clean path (e.g., /fr/../shop becomes /shop).
  • Prevents ValueError: Dot segments are not allowed tracebacks in logs.

Installation

  1. Install this module in your Odoo 19 database.
  2. No further configuration is required.