Merge pull request #14232 from annando/issue-14220

Issue 14220: Sanitize profile data

src/Module/Profile/Profile.php

@@ -26,13 +26,13 @@ use Friendica\Content\Feature;
 use Friendica\Content\GroupManager;
 use Friendica\Content\Nav;
 use Friendica\Content\Text\BBCode;
+use Friendica\Content\Text\HTML;
 use Friendica\Core\Config\Capability\IManageConfigValues;
 use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Core\Session\Capability\IHandleUserSessions;
-use Friendica\Core\System;
 use Friendica\Database\Database;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
@@ -43,12 +43,14 @@ use Friendica\Module\BaseProfile;
 use Friendica\Module\Response;
 use Friendica\Module\Security\Login;
 use Friendica\Network\HTTPException;
+use Friendica\Network\HTTPException\InternalServerErrorException;
 use Friendica\Profile\ProfileField\Repository\ProfileField;
 use Friendica\Protocol\ActivityPub;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Network;
 use Friendica\Util\Profiler;
-use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
+use GuzzleHttp\Psr7\Uri;
 use Psr\Log\LoggerInterface;
 
 class Profile extends BaseProfile
@@ -164,7 +166,7 @@ class Profile extends BaseProfile
 
 		$basic_fields = [];
 
-		$basic_fields += self::buildField('fullname', $this->t('Full Name:'), $profile['name']);
+		$basic_fields += self::buildField('fullname', $this->t('Full Name:'), $this->cleanInput($profile['uri-id'], $profile['name']));
 
 		if (Feature::isEnabled($profile['uid'], Feature::MEMBER_SINCE)) {
 			$basic_fields += self::buildField(
@@ -196,18 +198,18 @@ class Profile extends BaseProfile
 		}
 
 		if ($profile['xmpp']) {
-			$basic_fields += self::buildField('xmpp', $this->t('XMPP:'), $profile['xmpp']);
+			$basic_fields += self::buildField('xmpp', $this->t('XMPP:'), $this->cleanInput($profile['uri-id'], $profile['xmpp']));
 		}
 
 		if ($profile['matrix']) {
-			$basic_fields += self::buildField('matrix', $this->t('Matrix:'), $profile['matrix']);
+			$basic_fields += self::buildField('matrix', $this->t('Matrix:'), $this->cleanInput($profile['uri-id'], $profile['matrix']));
 		}
 
 		if ($profile['homepage']) {
 			$basic_fields += self::buildField(
 				'homepage',
 				$this->t('Homepage:'),
-				$this->tryRelMe($profile['homepage']) ?: $profile['homepage']
+				$this->tryRelMe($profile['homepage']) ?: $this->cleanInput($profile['uri-id'], $profile['homepage'])
 			);
 		}
 
@@ -218,7 +220,7 @@ class Profile extends BaseProfile
 			|| $profile['region']
 			|| $profile['country-name']
 		) {
-			$basic_fields += self::buildField('location', $this->t('Location:'), ProfileModel::formatLocation($profile));
+			$basic_fields += self::buildField('location', $this->t('Location:'), $this->cleanInput($profile['uri-id'], ProfileModel::formatLocation($profile)));
 		}
 
 		if ($profile['pub_keywords']) {
@@ -372,10 +374,28 @@ class Profile extends BaseProfile
 	 */
 	private function tryRelMe(string $input): string
 	{
-		if (preg_match(Strings::onlyLinkRegEx(), trim($input))) {
-			return '<a href="' . trim($input) . '" target="_blank" rel="noopener noreferrer me">' . trim($input) . '</a>';
+		$input = trim($input);
+		if (Network::isValidHttpUrl($input)) {
+			try {
+				$input = (string)Uri::fromParts(parse_url($input));
+				return '<a href="' . $input . '" target="_blank" rel="noopener noreferrer me">' . $input . '</a>';
+			} catch (\Throwable $th) {
+				return '';
+			}
 		}
 
 		return '';
 	}
+
+	/**
+	 * Clean the provided input to prevent XSS problems
+	 * @param int $uri_id 
+	 * @param string $input 
+	 * @return string 
+	 * @throws InternalServerErrorException 
+	 */
+	private function cleanInput(int $uri_id, string $input): string
+	{
+		return BBCode::convertForUriId($uri_id, HTML::toBBCode($input));
+	}
 }