Merge pull request #7207 from nupplaphil/bug/6917-php_warnings

Add hexadecimal check (fix warnings)
Hypolite Petovan 2019-05-30 09:31:50 -04:00 committed by GitHub
commit ac294be746
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 63 additions and 3 deletions


@ -9,12 +9,14 @@
* *
* @see ParseUrl::getSiteinfo() for more information about scraping embeddable content * @see ParseUrl::getSiteinfo() for more information about scraping embeddable content
*/ */
use Friendica\App; use Friendica\App;
use Friendica\Core\Hook; use Friendica\Core\Hook;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Util\Network; use Friendica\Util\Network;
use Friendica\Util\ParseUrl; use Friendica\Util\ParseUrl;
use Friendica\Util\Strings;
function parse_url_content(App $a) function parse_url_content(App $a)
{ {
@ -25,10 +27,14 @@ function parse_url_content(App $a)
$br = "\n"; $br = "\n";
if (!empty($_GET['binurl'])) { if (!empty($_GET['binurl']) && Strings::isHex($_GET['binurl'])) {
$url = trim(hex2bin($_GET['binurl'])); $url = trim(hex2bin($_GET['binurl']));
} else { } elseif (!empty($_GET['url'])) {
$url = trim($_GET['url']); $url = trim($_GET['url']);
// fallback in case no url is valid
} else {
Logger::info('No url given');
exit();
} }
if (!empty($_GET['title'])) { if (!empty($_GET['title'])) {
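Review bot: The new fallback `else` branch ends the request with a bare `exit();`, so a caller that sends neither a usable `binurl` nor a `url` gets an empty response, presumably with the default success status, and the only trace is an info-level log line. Sending an explicit 400 status before exiting would make the rejection visible to clients and to monitoring. A `binurl` that fails `Strings::isHex()` also falls through silently to `$_GET['url']`; a comment such as `// invalid binurl is ignored, the plain url parameter is used instead` would record that this is intended. Either `$_GET` value may arrive as an array, in which case `trim()` still warns, so an `is_string()` check on `$_GET['url']` is worth adding. The body of parse_url_content() continues outside the hunk.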


@ -188,6 +188,9 @@ function photos_post(App $a)
} }
if ($a->argc > 3 && $a->argv[2] === 'album') { if ($a->argc > 3 && $a->argv[2] === 'album') {
if (!Strings::isHex($a->argv[3])) {
$a->internalRedirect('photos/' . $a->data['user']['nickname'] . '/album');
}
$album = hex2bin($a->argv[3]); $album = hex2bin($a->argv[3]);
if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) { if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
@ -960,7 +963,7 @@ function photos_content(App $a)
return; return;
} }
$selname = $datum ? hex2bin($datum) : ''; $selname = Strings::isHex($datum) ? hex2bin($datum) : '';
$albumselect = ''; $albumselect = '';
@ -1027,6 +1030,10 @@ function photos_content(App $a)
// Display a single photo album // Display a single photo album
if ($datatype === 'album') { if ($datatype === 'album') {
// if $datum is not a valid hex, redirect to the default page
if (!Strings::isHex($datum)) {
$a->internalRedirect('photos/' . $a->data['user']['nickname']. '/album');
}
$album = hex2bin($datum); $album = hex2bin($datum);
$total = 0; $total = 0;
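Review bot: The guards added before `hex2bin()` in photos_post() and in the album branch of photos_content() only protect the call if `$a->internalRedirect()` never returns, which is not visible in these hunks. If it can return, the non-hex value still reaches `hex2bin()` and `$album` becomes `false`; a comment such as `// internalRedirect() terminates the request`, or an explicit exit path after the redirect, would make the control flow unambiguous. The photos_post() guard also lacks the explanatory comment that the photos_content() one carries. Both functions continue outside the hunks.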


@ -31,6 +31,18 @@ class Strings
return $return; return $return;
} }
/**
* Checks, if the given string is a valid hexadecimal code
*
* @param string $hexCode
*
* @return bool
*/
public static function isHex($hexCode)
{
return !empty($hexCode) ? @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1) : false;
}
/** /**
* @brief This is our primary input filter. * @brief This is our primary input filter.
* *
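Review bot: In `isHex()` the `$` anchor also matches just before a trailing newline, so an odd number of hex digits followed by `\n` has an even total length, passes the check, and `hex2bin()` then warns and returns `false`, which is the case this commit is meant to close. The `@` on `preg_match()` hides the warning for non-string input such as an array-valued query parameter instead of rejecting it, and on PHP 8 that call throws a TypeError which `@` does not suppress. One line covers both: `return is_string($hexCode) && preg_match('/^(?:[a-f0-9]{2})+\z/i', $hexCode) === 1;`. The docblock could also state that only non-empty, even-length strings are accepted.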


@ -82,4 +82,39 @@ class StringsTest extends TestCase
$escapedString $escapedString
); );
} }
public function dataIsHex()
{
return [
'validHex' => [
'input' => '90913473615bf00c122ac78338492980',
'valid' => true,
],
'invalidHex' => [
'input' => '90913473615bf00c122ac7833849293',
'valid' => false,
],
'emptyHex' => [
'input' => '',
'valid' => false,
],
'nullHex' => [
'input' => null,
'valid' => false,
],
];
}
/**
* Tests if the string is a valid hexadecimal value
*
* @param string $input
* @param bool $valid
*
* @dataProvider dataIsHex
*/
public function testIsHex($input, $valid)
{
$this->assertEquals($valid, Strings::isHex($input));
}
} }
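Review bot: The `dataIsHex()` provider has no case containing a non-hex character, so the character class in `isHex()` is untested; the only invalid string fails on odd length alone. Adding a case like `'nonHex' => ['input' => '9091347361zz', 'valid' => false],` (constructed sample), plus an upper-case input and one with a trailing newline, would pin the behaviour the callers rely on before `hex2bin()`. Using `assertSame` instead of `assertEquals` in `testIsHex()` would also confirm that the method returns a real bool rather than a loosely equal value.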