friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Merge pull request #9274 from MrPetovan/bug/parse-url-charset 

Restrict character class for charset capture in Util\ParseUrl
This commit is contained in:
Michael Vogel 2020-09-26 21:43:14 +02:00 committed by GitHub
parent 014f95538c b26d225136
commit af10ed8a15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Util/ParseUrl.php
View File

@ -204,7 +204,7 @@ class ParseUrl
$charset = '';
// Look for a charset, first in headers
// Expected form: Content-Type: text/html; charset=ISO-8859-4
if (preg_match('/charset=(.+?)\s/', $header, $matches)) {
if (preg_match('/charset=([a-z0-9-_.\/]+)/i', $header, $matches)) {
$charset = trim(trim(trim(array_pop($matches)), ';,'));
}
@ -212,14 +212,18 @@ class ParseUrl
// Expected forms:
// - <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
// - <meta charset="utf-8">
// - <meta charset=utf-8>
// - <meta charSet="utf-8">
// We escape <style> and <script> tags since they can contain irrelevant charset information
// (see https://github.com/friendica/friendica/issues/9251#issuecomment-698636806)
Strings::performWithEscapedBlocks($body, '#<(?:style|script).*?</(?:style|script)>#ism', function ($body) use (&$charset) {
if (preg_match('/charset=["\']?([^\',"]*?)[\'"]/', $body, $matches)) {
if (preg_match('/charset=["\']?([a-z0-9-_.\/]+)/i', $body, $matches)) {
$charset = trim(trim(trim(array_pop($matches)), ';,'));
}
});
$siteinfo['charset'] = $charset;
if ($charset && strtoupper($charset) != 'UTF-8') {
// See https://github.com/friendica/friendica/issues/5470#issuecomment-418351211
$charset = str_ireplace('latin-1', 'latin1', $charset);