From eac2002f56bbde1eba48251f9532dac0bd770e6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
Date: Fri, 29 Aug 2025 12:13:06 +0200
Subject: [PATCH] poprawka bledu
---
 app.py | 13 +++++++++++++
 listapp.service | 7 ++-----
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/app.py b/app.py
index 46c55d7..775278a 100644
--- a/app.py
+++ b/app.py
@@ -241,15 +241,28 @@ def cache_headers(etag: str, up_lm: Optional[str]):
 def validate_and_normalize_url(url):
+ url = (url or "").strip()
+
+ # prosta sanity-check: usuń CR/LF
+ if any(c in url for c in ("\r", "\n")):
+ raise ValueError("Invalid characters in URL")
+
 parsed = urlparse(url)
 if not parsed.scheme:
 url = f"https://{url}"
 parsed = urlparse(url)
+
+ # akceptuj tylko http/https
+ if parsed.scheme not in {"http", "https"}:
+ raise ValueError(f"Unsupported scheme: {parsed.scheme}")
+
 if not parsed.netloc:
 raise ValueError("Missing host in URL")
+
 return parsed.geturl()
+
 def track_url_request(url):
 redis_client.incr(f"stats:url_requests:{quote(url, safe='')}")
diff --git a/listapp.service b/listapp.service
index 862845e..239af85 100644
--- a/listapp.service
+++ b/listapp.service
@@ -6,14 +6,11 @@ Wants=network-online.target
 [Service]
 User=www-data
 Group=www-data
-
-# główny katalog aplikacji
-Environment="APP_DIR=/var/www/adlist_mikrotik"
 WorkingDirectory=/var/www/adlist_mikrotik
 EnvironmentFile=-/var/www/adlist_mikrotik/.env
-Environment="PATH=${APP_DIR}/venv/bin"
+Environment="PATH=/var/www/adlist_mikrotik/venv/bin"
-ExecStart=${APP_DIR}/venv/bin/gunicorn \
+ExecStart=/var/www/adlist_mikrotik/venv/bin/gunicorn \
 -k uvicorn.workers.UvicornWorker \
 --workers 4 \
 --bind 127.0.0.1:8283 \
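Review bot: The host check at the end of validate_and_normalize_url still tests `parsed.netloc`, which is non-empty for values like `https://:8080/` or `https://user@/` that contain no hostname, so they pass validation; `if not parsed.hostname:` would reject them. The added CR/LF test covers only `\r` and `\n`, so embedded tabs, NUL and other ASCII control characters pass it; `if any(ord(c) < 0x20 or ord(c) == 0x7f for c in url):` is a more complete filter. If the returned URL is later fetched by the server (not visible in this hunk), the http/https allow-list alone does not keep requests away from loopback, link-local or private addresses, and that check belongs where the host is resolved. The new error message also echoes `parsed.scheme` from the caller's input, so it should be escaped or omitted if it is ever returned in a response.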