mirror of
https://github.com/friendica/friendica
synced 2024-11-17 15:43:40 +00:00
Issue 14324: Sanitize profile input
This commit is contained in:
parent
aae004d3d2
commit
ef71840ddc
4 changed files with 38 additions and 6 deletions
|
@ -1,6 +1,6 @@
|
|||
-- ------------------------------------------
|
||||
-- Friendica 2024.06-rc (Yellow Archangel)
|
||||
-- DB_UPDATE_VERSION 1570
|
||||
-- DB_UPDATE_VERSION 1571
|
||||
-- ------------------------------------------
|
||||
|
||||
|
||||
|
|
|
@ -125,9 +125,9 @@ class Index extends BaseSettings
|
|||
$country_name = trim($request['country_name']);
|
||||
$pub_keywords = self::cleanKeywords(trim($request['pub_keywords']));
|
||||
$prv_keywords = self::cleanKeywords(trim($request['prv_keywords']));
|
||||
$xmpp = trim($request['xmpp']);
|
||||
$matrix = trim($request['matrix']);
|
||||
$homepage = trim($request['homepage']);
|
||||
$xmpp = $this->cleanInput(trim($request['xmpp']));
|
||||
$matrix = $this->cleanInput(trim($request['matrix']));
|
||||
$homepage = $this->cleanInput(trim($request['homepage']));
|
||||
if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
|
||||
// neither http nor https in URL, add them
|
||||
$homepage = 'http://' . $homepage;
|
||||
|
@ -358,6 +358,11 @@ class Index extends BaseSettings
|
|||
return $profileFields;
|
||||
}
|
||||
|
||||
private function cleanInput(string $input): string
|
||||
{
|
||||
return str_replace(['<', '>', '"', ' '], '', $input);
|
||||
}
|
||||
|
||||
private static function cleanKeywords($keywords): string
|
||||
{
|
||||
$keywords = str_replace(',', ' ', $keywords);
|
||||
|
|
|
@ -56,7 +56,7 @@ use Friendica\Database\DBA;
|
|||
|
||||
// This file is required several times during the test in DbaDefinition which justifies this condition
|
||||
if (!defined('DB_UPDATE_VERSION')) {
|
||||
define('DB_UPDATE_VERSION', 1570);
|
||||
define('DB_UPDATE_VERSION', 1571);
|
||||
}
|
||||
|
||||
return [
|
||||
|
|
29
update.php
29
update.php
|
@ -1486,4 +1486,31 @@ function update_1566()
|
|||
Profile::setResponsibleRelayContact($user['uid']);
|
||||
}
|
||||
DBA::close($users);
|
||||
}
|
||||
}
|
||||
|
||||
function update_1571()
|
||||
{
|
||||
$profiles = DBA::select('profile', ['uid', 'homepage', 'xmpp', 'matrix']);
|
||||
while ($profile = DBA::fetch($profiles)) {
|
||||
$homepage = str_replace(['<', '>', '"', ' '], '', $profile['homepage']);
|
||||
$xmpp = str_replace(['<', '>', '"', ' '], '', $profile['xmpp']);
|
||||
$matrix = str_replace(['<', '>', '"', ' '], '', $profile['matrix']);
|
||||
|
||||
$fields = [];
|
||||
if ($homepage != $profile['homepage']) {
|
||||
$fields['homepage'] = $homepage;
|
||||
}
|
||||
if ($xmpp != $profile['xmpp']) {
|
||||
$fields['xmpp'] = $xmpp;
|
||||
}
|
||||
if ($matrix != $profile['matrix']) {
|
||||
$fields['matrix'] = $matrix;
|
||||
}
|
||||
if (!empty($fields)) {
|
||||
Profile::update($fields, $profile['uid']);
|
||||
}
|
||||
}
|
||||
DBA::close($profiles);
|
||||
|
||||
return Update::SUCCESS;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue