Sanitize links before storing them
This commit is contained in:
parent
fe00a3893d
commit
061f43788c
|
@ -41,6 +41,7 @@ use Friendica\Model\Tag;
|
|||
use Friendica\Network\HTTPClient\Client\HttpClientAccept;
|
||||
use Friendica\Network\HTTPClient\Client\HttpClientOptions;
|
||||
use Friendica\Util\Map;
|
||||
use Friendica\Util\Network;
|
||||
use Friendica\Util\ParseUrl;
|
||||
use Friendica\Util\Proxy;
|
||||
use Friendica\Util\Strings;
|
||||
|
@ -434,7 +435,7 @@ class BBCode
|
|||
return $text;
|
||||
}
|
||||
|
||||
$data['url'] = self::sanitizeLink($data['url']);
|
||||
$data['url'] = Network::sanitizeUrl($data['url']);
|
||||
|
||||
if (isset($data['title'])) {
|
||||
$data['title'] = strip_tags($data['title']);
|
||||
|
@ -487,7 +488,7 @@ class BBCode
|
|||
}
|
||||
|
||||
if (!empty($data['provider_url']) && !empty($data['provider_name'])) {
|
||||
$data['provider_url'] = self::sanitizeLink($data['provider_url']);
|
||||
$data['provider_url'] = Network::sanitizeUrl($data['provider_url']);
|
||||
if (!empty($data['author_name'])) {
|
||||
$return .= sprintf('<sup><a href="%s" target="_blank" rel="noopener noreferrer">%s (%s)</a></sup>', $data['provider_url'], $data['author_name'], $data['provider_name']);
|
||||
} else {
|
||||
|
@ -1067,29 +1068,6 @@ class BBCode
|
|||
return $text;
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove invalid parts from an URL
|
||||
*
|
||||
* @param string $url
|
||||
* @return string sanitized URL
|
||||
*/
|
||||
private static function sanitizeLink(string $url): string
|
||||
{
|
||||
$sanitzed = $url = trim($url);
|
||||
|
||||
foreach (['"', ' '] as $character) {
|
||||
$pos = strpos($sanitzed, $character);
|
||||
if ($pos !== false) {
|
||||
$sanitzed = trim(substr($sanitzed, 0, $pos));
|
||||
}
|
||||
}
|
||||
|
||||
if ($sanitzed != $url) {
|
||||
Logger::debug('Link got sanitized', ['url' => $url, 'sanitzed' => $sanitzed]);
|
||||
}
|
||||
return $sanitzed;
|
||||
}
|
||||
|
||||
/**
|
||||
* Callback: Sanitize links from given $match array
|
||||
*
|
||||
|
@ -1099,9 +1077,9 @@ class BBCode
|
|||
private static function sanitizeLinksCallback(array $match): string
|
||||
{
|
||||
if (count($match) == 3) {
|
||||
return '[' . $match[1] . ']' . self::sanitizeLink($match[2]) . '[/' . $match[1] . ']';
|
||||
return '[' . $match[1] . ']' . Network::sanitizeUrl($match[2]) . '[/' . $match[1] . ']';
|
||||
} else {
|
||||
return '[' . $match[1] . '=' . self::sanitizeLink($match[2]) . ']' . $match[3] . '[/' . $match[1] . ']';
|
||||
return '[' . $match[1] . '=' . Network::sanitizeUrl($match[2]) . ']' . $match[3] . '[/' . $match[1] . ']';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -31,6 +31,7 @@ use Friendica\Util\HTTPSignature;
|
|||
use Friendica\Util\Images;
|
||||
use Friendica\Util\Proxy;
|
||||
use Friendica\Object\Image;
|
||||
use Friendica\Util\Network;
|
||||
|
||||
/**
|
||||
* Class Link
|
||||
|
@ -77,7 +78,7 @@ class Link
|
|||
} else {
|
||||
$fields = self::fetchMimeType($url);
|
||||
$fields['uri-id'] = $uriId;
|
||||
$fields['url'] = $url;
|
||||
$fields['url'] = Network::sanitizeUrl($url);
|
||||
|
||||
DBA::insert('post-link', $fields, Database::INSERT_IGNORE);
|
||||
$id = DBA::lastInsertId();
|
||||
|
|
|
@ -96,6 +96,7 @@ class Media
|
|||
return false;
|
||||
}
|
||||
|
||||
$media['url'] = Network::sanitizeUrl($media['url']);
|
||||
$media = self::unsetEmptyFields($media);
|
||||
$media = DI::dbaDefinition()->truncateFieldsForTable('post-media', $media);
|
||||
|
||||
|
|
|
@ -659,6 +659,29 @@ class Network
|
|||
return !empty($scheme) && in_array($scheme, ['http', 'https']) && parse_url($url, PHP_URL_HOST);
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove invalid parts from an URL
|
||||
*
|
||||
* @param string $url
|
||||
* @return string sanitized URL
|
||||
*/
|
||||
public static function sanitizeUrl(string $url): string
|
||||
{
|
||||
$sanitized = $url = trim($url);
|
||||
|
||||
foreach (['"', ' '] as $character) {
|
||||
$pos = strpos($sanitized, $character);
|
||||
if ($pos !== false) {
|
||||
$sanitized = trim(substr($sanitized, 0, $pos));
|
||||
}
|
||||
}
|
||||
|
||||
if ($sanitized != $url) {
|
||||
Logger::debug('Link got sanitized', ['url' => $url, 'sanitzed' => $sanitized]);
|
||||
}
|
||||
return $sanitized;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates an Uri object out of a given Uri string
|
||||
*
|
||||
|
|
Loading…
Reference in New Issue
Block a user