Issue 14324: Sanitize profile input

Michael 2024-07-28 04:34:44 +00:00
parent aae004d3d2
commit ef71840ddc
4 changed files with 38 additions and 6 deletions


@ -125,9 +125,9 @@ class Index extends BaseSettings
$country_name = trim($request['country_name']);
$pub_keywords = self::cleanKeywords(trim($request['pub_keywords']));
$prv_keywords = self::cleanKeywords(trim($request['prv_keywords']));
$xmpp = trim($request['xmpp']);
$matrix = trim($request['matrix']);
$homepage = trim($request['homepage']);
$xmpp = $this->cleanInput(trim($request['xmpp']));
$matrix = $this->cleanInput(trim($request['matrix']));
$homepage = $this->cleanInput(trim($request['homepage']));
if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
// neither http nor https in URL, add them
$homepage = 'http://' . $homepage;
@ -358,6 +358,11 @@ class Index extends BaseSettings
return $profileFields;
}
private function cleanInput(string $input): string
{
return str_replace(['<', '>', '"', ' '], '', $input);
}
private static function cleanKeywords($keywords): string
{
$keywords = str_replace(',', ' ', $keywords);
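Review bot: `cleanInput()` is a deny-list of four characters (`<`, `>`, `"` and the ASCII space), so on its own it does not make `xmpp`, `matrix` or `homepage` safe for every output context: single quotes, backticks, tabs and other control characters pass through unchanged, and the hunk does not show where these values are later rendered. I would treat it as input normalisation only, keep context-specific escaping at the point of output, and state that in a docblock such as `/** Strips <, >, " and spaces from a profile field; not a substitute for output escaping. */`. For `homepage`, the existing `strpos($homepage, 'http') !== 0` test right after the new call accepts any string that merely begins with `http`, so an explicit scheme allow-list after the prefixing step would be tighter, e.g. `if (!in_array(parse_url($homepage, PHP_URL_SCHEME), ['http', 'https'], true)) { $homepage = ''; }`. As a style point, `cleanInput()` uses no instance state and could be `private static` like the neighbouring `cleanKeywords()`. The method edited in the first hunk starts and ends outside the hunk.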