friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Make validate_url more intuitive 

- Remove the parameter passed by reference
- Add modified url in return value
This commit is contained in:
Hypolite Petovan 2017-12-16 19:23:22 -05:00
parent e16852c2f5
commit 1724dd3841
5 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
include/identity.php
View File

@ -932,11 +932,12 @@ function get_my_url()
function zrl_init(App $a) function zrl_init(App $a)
{ {
$tmp_str = get_my_url(); $my_url = get_my_url();
if (validate_url($tmp_str)) { $my_url = validate_url($my_url);
if ($my_url) {
// Is it a DDoS attempt? // Is it a DDoS attempt?
// The check fetches the cached value from gprobe to reduce the load for this system // The check fetches the cached value from gprobe to reduce the load for this system
$urlparts = parse_url($tmp_str); $urlparts = parse_url($my_url);
$result = Cache::get("gprobe:" . $urlparts["host"]); $result = Cache::get("gprobe:" . $urlparts["host"]);
if ((!is_null($result)) && (in_array($result["network"], array(NETWORK_FEED, NETWORK_PHANTOM)))) { if ((!is_null($result)) && (in_array($result["network"], array(NETWORK_FEED, NETWORK_PHANTOM)))) {
@ -944,8 +945,8 @@ function zrl_init(App $a)
return; return;
} }
Worker::add(PRIORITY_LOW, 'GProbe', $tmp_str); Worker::add(PRIORITY_LOW, 'GProbe', $my_url);
$arr = array('zrl' => $tmp_str, 'url' => $a->cmd); $arr = array('zrl' => $my_url, 'url' => $a->cmd);
call_hooks('zrl_init', $arr); call_hooks('zrl_init', $arr);
} }
} }

16
include/network.php
View File

@ -470,26 +470,28 @@ function http_status_exit($val, $description = array())
* and check DNS to see if it's real (or check if is a valid IP address) * and check DNS to see if it's real (or check if is a valid IP address)
* *
* @param string $url The URL to be validated * @param string $url The URL to be validated
* @return boolean True if it's a valid URL, fals if something wrong with it * @return string|boolean The actual working URL, false else
*/ */
function validate_url(&$url) function validate_url($url)
{ {
if (Config::get('system', 'disable_url_validation')) { if (Config::get('system', 'disable_url_validation')) {
return true; return $url;
} }
// no naked subdomains (allow localhost for tests) // no naked subdomains (allow localhost for tests)
if (strpos($url, '.') === false && strpos($url, '/localhost/') === false) if (strpos($url, '.') === false && strpos($url, '/localhost/') === false) {
return false; return false;
}
if (substr($url, 0, 4) != 'http') if (substr($url, 0, 4) != 'http') {
$url = 'http://' . $url; $url = 'http://' . $url;
}
/// @TODO Really supress function outcomes? Why not find them + debug them? /// @TODO Really suppress function outcomes? Why not find them + debug them?
$h = @parse_url($url); $h = @parse_url($url);
if ((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) { if ((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) {
return true; return $url;
} }
return false; return false;

3
mod/dfrn_request.php
View File

@ -377,7 +377,8 @@ function dfrn_request_post(App $a) {
); );
} }
else { else {
if (! validate_url($url)) { $url = validate_url($url);
if (! $url) {
notice( t('Invalid profile URL.') . EOL); notice( t('Invalid profile URL.') . EOL);
goaway(System::baseUrl() . '/' . $a->cmd); goaway(System::baseUrl() . '/' . $a->cmd);
return; // NOTREACHED return; // NOTREACHED

5
mod/settings.php
View File

@ -537,10 +537,9 @@ function settings_post(App $a) {
// If openid has changed or if there's an openid but no openidserver, try and discover it. // If openid has changed or if there's an openid but no openidserver, try and discover it.
if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) { if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) {
$tmp_str = $openid; if (strlen($tmp_str) && validate_url($openid)) {
if (strlen($tmp_str) && validate_url($tmp_str)) {
logger('updating openidserver'); logger('updating openidserver');
require_once('library/openid.php'); require_once 'library/openid.php';
$open_id_obj = new LightOpenID; $open_id_obj = new LightOpenID;
$open_id_obj->identity = $openid; $open_id_obj->identity = $openid;
$openidserver = $open_id_obj->discover($open_id_obj->identity); $openidserver = $open_id_obj->discover($open_id_obj->identity);

6
src/Model/User.php
View File

@ -198,8 +198,6 @@ class User
$password = $password1; $password = $password1;
} }
$tmp_str = $openid_url;
if ($using_invites) { if ($using_invites) {
if (!$invite_id) { if (!$invite_id) {
throw new Exception(t('An invitation is required.')); throw new Exception(t('An invitation is required.'));
@ -212,7 +210,7 @@ class User
if (!x($username) || !x($email) || !x($nickname)) { if (!x($username) || !x($email) || !x($nickname)) {
if ($openid_url) { if ($openid_url) {
if (!validate_url($tmp_str)) { if (!validate_url($openid_url)) {
throw new Exception(t('Invalid OpenID url')); throw new Exception(t('Invalid OpenID url'));
} }
$_SESSION['register'] = 1; $_SESSION['register'] = 1;
@ -235,7 +233,7 @@ class User
throw new Exception(t('Please enter the required information.')); throw new Exception(t('Please enter the required information.'));
} }
if (!validate_url($tmp_str)) { if (!validate_url($openid_url)) {
$openid_url = ''; $openid_url = '';
} }