From 6d50313fa4626c38641c59fbe9ab0cdcc1deb8bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20H=C3=B6rist?= <forenjunkie@chello.at>
Date: Fri, 9 Jun 2017 23:25:14 +0200
Subject: [PATCH] [httpupload] Dont allow insecure transport

---
 httpupload/httpupload.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/httpupload/httpupload.py b/httpupload/httpupload.py
index af9dcf8..da4c3ad 100644
--- a/httpupload/httpupload.py
+++ b/httpupload/httpupload.py
@@ -19,6 +19,7 @@ import threading
 import ssl
 import urllib
 from urllib.request import Request, urlopen
+from urllib.parse import urlparse
 import io
 import mimetypes
 import logging
@@ -269,6 +270,16 @@ class Base(object):
                         transient_for=file.control.parent_win.window)
             return
 
+        try:
+            if (urlparse(file.put).scheme != 'https' or
+                    urlparse(file.get).scheme != 'https'):
+                raise UnsecureTransportError
+        except UnsecureTransportError as error:
+            file.progress.close_dialog()
+            ErrorDialog(_('Error'), str(error),
+                        transient_for=file.control.parent_win.window)
+            return
+
         try:
             file.stream = StreamFileWithProgress(file)
         except Exception as exc:
@@ -444,3 +455,7 @@ class ProgressWindow:
 class UploadAbortedException(Exception):
     def __str__(self):
         return "Upload Aborted"
+
+class UnsecureTransportError(Exception):
+    def __str__(self):
+        return 'Server returned unsecure transport'