Only use and accept valid http links as links to an external resource
parent
e9a6c4a7e3
commit
029daef997
3 changed files with 27 additions and 5 deletions
|
@ -3191,6 +3191,12 @@ class Item
|
||||||
*/
|
*/
|
||||||
public static function getPlink($item)
|
public static function getPlink($item)
|
||||||
{
|
{
|
||||||
|
if (Network::isValidHttpUrl($item['plink'])) {
|
||||||
|
$plink = $item['plink'];
|
||||||
|
} elseif (Network::isValidHttpUrl($item['uri']) && !Network::isLocalLink($item['uri'])) {
|
||||||
|
$plink = $item['uri'];
|
||||||
|
}
|
||||||
|
|
||||||
if (local_user()) {
|
if (local_user()) {
|
||||||
$ret = [
|
$ret = [
|
||||||
'href' => "display/" . $item['guid'],
|
'href' => "display/" . $item['guid'],
|
||||||
|
@ -3199,14 +3205,14 @@ class Item
|
||||||
'orig_title' => DI::l10n()->t('View on separate page'),
|
'orig_title' => DI::l10n()->t('View on separate page'),
|
||||||
];
|
];
|
||||||
|
|
||||||
if (!empty($item['plink'])) {
|
if (!empty($plink)) {
|
||||||
$ret['href'] = DI::baseUrl()->remove($item['plink']);
|
$ret['href'] = DI::baseUrl()->remove($plink);
|
||||||
$ret['title'] = DI::l10n()->t('Link to source');
|
$ret['title'] = DI::l10n()->t('Link to source');
|
||||||
}
|
}
|
||||||
} elseif (!empty($item['plink']) && ($item['private'] != self::PRIVATE)) {
|
} elseif (!empty($plink) && ($item['private'] != self::PRIVATE)) {
|
||||||
$ret = [
|
$ret = [
|
||||||
'href' => $item['plink'],
|
'href' => $plink,
|
||||||
'orig' => $item['plink'],
|
'orig' => $plink,
|
||||||
'title' => DI::l10n()->t('Link to source'),
|
'title' => DI::l10n()->t('Link to source'),
|
||||||
'orig_title' => DI::l10n()->t('Link to source'),
|
'orig_title' => DI::l10n()->t('Link to source'),
|
||||||
];
|
];
|
||||||
|
|
|
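Review bot: The new checks at the top of getPlink() pass `$item['plink']` and `$item['uri']` straight into `Network::isValidHttpUrl(string $url)`, whereas the code they replace guarded with `!empty($item['plink'])`; an item whose plink is null or missing would now raise a TypeError instead of simply getting no source link. I would keep the guard, `if (!empty($item['plink']) && Network::isValidHttpUrl($item['plink'])) {`, and do the same for the `uri` branch. `$plink` is also left unset when neither branch matches; the later `!empty($plink)` tolerates that, but `$plink = '';` before the `if` makes the "no usable link" case explicit. Whether such items actually reach this method is not visible here, and the body of getPlink() continues outside both hunks.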
@ -37,6 +37,7 @@ use Friendica\Protocol\ActivityPub;
|
||||||
use Friendica\Util\HTTPSignature;
|
use Friendica\Util\HTTPSignature;
|
||||||
use Friendica\Util\JsonLD;
|
use Friendica\Util\JsonLD;
|
||||||
use Friendica\Util\LDSignature;
|
use Friendica\Util\LDSignature;
|
||||||
|
use Friendica\Util\Network;
|
||||||
use Friendica\Util\Strings;
|
use Friendica\Util\Strings;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1533,6 +1534,10 @@ class Receiver
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!empty($object_data['alternate-url']) && !Network::isValidHttpUrl($object_data['alternate-url'])) {
|
||||||
|
$object_data['alternate-url'] = null;
|
||||||
|
}
|
||||||
|
|
||||||
if (in_array($object_data['object_type'], ['as:Audio', 'as:Video'])) {
|
if (in_array($object_data['object_type'], ['as:Audio', 'as:Video'])) {
|
||||||
$object_data['alternate-url'] = self::extractAlternateUrl($object['as:url'] ?? []) ?: $object_data['alternate-url'];
|
$object_data['alternate-url'] = self::extractAlternateUrl($object['as:url'] ?? []) ?: $object_data['alternate-url'];
|
||||||
$object_data['attachments'] = array_merge($object_data['attachments'], self::processAttachmentUrls($object['as:url'] ?? []));
|
$object_data['attachments'] = array_merge($object_data['attachments'], self::processAttachmentUrls($object['as:url'] ?? []));
|
||||||
|
|
|
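Review bot: The scheme check on `$object_data['alternate-url']` runs before the `as:Audio`/`as:Video` branch, which then overwrites the field with `self::extractAlternateUrl($object['as:url'] ?? [])`, so for those object types the stored value has not passed through `Network::isValidHttpUrl()` unless extractAlternateUrl() validates on its own (not visible in this hunk). Moving the added `if (...) { $object_data['alternate-url'] = null; }` block below the Audio/Video branch would cover both sources. `isValidHttpUrl()` is typed `string`, so a non-string value in that field (presumably possible with remote JSON-LD input) would throw rather than be nulled; an `is_string()` test in the condition avoids that. The Audio/Video block closes outside the hunk.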
@ -560,4 +560,15 @@ class Network
|
||||||
{
|
{
|
||||||
return (strpos(Strings::normaliseLink($url), Strings::normaliseLink(DI::baseUrl())) !== false);
|
return (strpos(Strings::normaliseLink($url), Strings::normaliseLink(DI::baseUrl())) !== false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the given URL is a valid HTTP/HTTPS URL
|
||||||
|
*
|
||||||
|
* @param string $url
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function isValidHttpUrl(string $url)
|
||||||
|
{
|
||||||
|
return in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https']) && parse_url($url, PHP_URL_HOST);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
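Review bot: `isValidHttpUrl()` restricts the scheme and requires a non-empty host, but `parse_url()` is a splitter rather than a validator, so a string carrying quotes or whitespace in the host or path can still return true; the docblock should say that the result is a scheme allow-list only and that callers must still escape the URL for the output context. A line such as `* Only checks scheme and host presence; does not validate or sanitise the URL.` would do. Two small tightenings on the return line: pass `true` as the third argument of `in_array()` and declare the return type, `public static function isValidHttpUrl(string $url): bool`. The comparison is case-sensitive, so `HTTPS://…` is rejected; that fails closed, but is worth a comment if it is intended.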