Merge pull request #8328 from annando/clean-uri

Clean the profile URL when follow
2022.09-rc
Tobias Diekershoff 2020-02-22 17:31:21 +01:00 zatwierdzone przez GitHub
commit 357c0072bd
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
3 zmienionych plików z 27 dodań i 2 usunięć

Wyświetl plik

@ -41,7 +41,7 @@ function follow_post(App $a)
}
$uid = local_user();
$url = Strings::escapeTags(trim($_REQUEST['url']));
$url = Probe::cleanURI($_REQUEST['url']);
$return_path = 'follow?url=' . urlencode($url);
// Makes the connection request for friendica contacts easier

Wyświetl plik

@ -54,7 +54,7 @@ class RemoteFollow extends BaseModule
return;
}
$url = trim($_POST['dfrn_url']);
$url = Probe::cleanURI($_POST['dfrn_url']);
if (!strlen($url)) {
notice(DI::l10n()->t("Invalid locator"));
return;

Wyświetl plik

@ -47,6 +47,31 @@ class Probe
private static $baseurl;
private static $istimeout;
/**
* Remove stuff from an URI that doesn't belong there
*
* @param string $URI
* @return string Cleaned URI
*/
public static function cleanURI(string $URI)
{
// At first remove leading and trailing junk
$URI = trim($URI, "@#?:/ \t\n\r\0\x0B");
$parts = parse_url($URI);
if (empty($parts['scheme'])) {
return $URI;
}
// Remove the URL fragment, since these shouldn't be part of any profile URL
unset($parts['fragment']);
$URI = Network::unparseURL($parts);
return $URI;
}
/**
* Rearrange the array so that it always has the same order
*