mirror of
https://github.com/friendica/friendica
synced 2024-12-23 00:40:15 +00:00
Issue 14324: Sanitize profile input
parent
aae004d3d2
commit
ef71840ddc
4 changed files with 38 additions and 6 deletions
|
@ -1,6 +1,6 @@
|
||||||
-- ------------------------------------------
|
-- ------------------------------------------
|
||||||
-- Friendica 2024.06-rc (Yellow Archangel)
|
-- Friendica 2024.06-rc (Yellow Archangel)
|
||||||
-- DB_UPDATE_VERSION 1570
|
-- DB_UPDATE_VERSION 1571
|
||||||
-- ------------------------------------------
|
-- ------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -125,9 +125,9 @@ class Index extends BaseSettings
|
||||||
$country_name = trim($request['country_name']);
|
$country_name = trim($request['country_name']);
|
||||||
$pub_keywords = self::cleanKeywords(trim($request['pub_keywords']));
|
$pub_keywords = self::cleanKeywords(trim($request['pub_keywords']));
|
||||||
$prv_keywords = self::cleanKeywords(trim($request['prv_keywords']));
|
$prv_keywords = self::cleanKeywords(trim($request['prv_keywords']));
|
||||||
$xmpp = trim($request['xmpp']);
|
$xmpp = $this->cleanInput(trim($request['xmpp']));
|
||||||
$matrix = trim($request['matrix']);
|
$matrix = $this->cleanInput(trim($request['matrix']));
|
||||||
$homepage = trim($request['homepage']);
|
$homepage = $this->cleanInput(trim($request['homepage']));
|
||||||
if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
|
if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
|
||||||
// neither http nor https in URL, add them
|
// neither http nor https in URL, add them
|
||||||
$homepage = 'http://' . $homepage;
|
$homepage = 'http://' . $homepage;
|
||||||
|
@ -358,6 +358,11 @@ class Index extends BaseSettings
|
||||||
return $profileFields;
|
return $profileFields;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function cleanInput(string $input): string
|
||||||
|
{
|
||||||
|
return str_replace(['<', '>', '"', ' '], '', $input);
|
||||||
|
}
|
||||||
|
|
||||||
private static function cleanKeywords($keywords): string
|
private static function cleanKeywords($keywords): string
|
||||||
{
|
{
|
||||||
$keywords = str_replace(',', ' ', $keywords);
|
$keywords = str_replace(',', ' ', $keywords);
|
||||||
|
|
|
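Review bot: `cleanInput()` is a four-character denylist, so what it guarantees depends on every place `xmpp`, `matrix` and `homepage` are later rendered; the single quote and `&` pass through, which matters if any template (not visible here) puts these values in a single-quoted attribute or emits them unescaped. The storage-side strip is better treated as defence in depth, with the fields validated by shape, for example keeping the homepage only when `filter_var($homepage, FILTER_VALIDATE_URL)` succeeds and the scheme is `http` or `https`, since the unchanged `strpos($homepage, 'http') !== 0` test accepts any string that merely starts with those four letters. A docblock on `cleanInput()` such as `/** Strips <, >, " and spaces from a profile field; not a substitute for output escaping. */` would record that limit. The same character list is repeated literally in `update_1571()`, so a shared constant would keep the form handler and the migration from drifting apart.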
@ -56,7 +56,7 @@ use Friendica\Database\DBA;
|
||||||
|
|
||||||
// This file is required several times during the test in DbaDefinition which justifies this condition
|
// This file is required several times during the test in DbaDefinition which justifies this condition
|
||||||
if (!defined('DB_UPDATE_VERSION')) {
|
if (!defined('DB_UPDATE_VERSION')) {
|
||||||
define('DB_UPDATE_VERSION', 1570);
|
define('DB_UPDATE_VERSION', 1571);
|
||||||
}
|
}
|
||||||
|
|
||||||
return [
|
return [
|
||||||
|
|
27
update.php
27
update.php
|
@ -1487,3 +1487,30 @@ function update_1566()
|
||||||
}
|
}
|
||||||
DBA::close($users);
|
DBA::close($users);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function update_1571()
|
||||||
|
{
|
||||||
|
$profiles = DBA::select('profile', ['uid', 'homepage', 'xmpp', 'matrix']);
|
||||||
|
while ($profile = DBA::fetch($profiles)) {
|
||||||
|
$homepage = str_replace(['<', '>', '"', ' '], '', $profile['homepage']);
|
||||||
|
$xmpp = str_replace(['<', '>', '"', ' '], '', $profile['xmpp']);
|
||||||
|
$matrix = str_replace(['<', '>', '"', ' '], '', $profile['matrix']);
|
||||||
|
|
||||||
|
$fields = [];
|
||||||
|
if ($homepage != $profile['homepage']) {
|
||||||
|
$fields['homepage'] = $homepage;
|
||||||
|
}
|
||||||
|
if ($xmpp != $profile['xmpp']) {
|
||||||
|
$fields['xmpp'] = $xmpp;
|
||||||
|
}
|
||||||
|
if ($matrix != $profile['matrix']) {
|
||||||
|
$fields['matrix'] = $matrix;
|
||||||
|
}
|
||||||
|
if (!empty($fields)) {
|
||||||
|
Profile::update($fields, $profile['uid']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
DBA::close($profiles);
|
||||||
|
|
||||||
|
return Update::SUCCESS;
|
||||||
|
}
|
||||||
|
|
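Review bot: The three change checks in `update_1571()` use loose `!=`, under which PHP compares numeric-looking strings by value, so a stored value that differs from its stripped form only by spaces around a number compares equal and the row is left as it was; a strict check such as `if ($homepage !== (string)$profile['homepage']) {` avoids that and still treats a NULL column as unchanged. The character list is written out three times here and once more in the settings module, and a single `$strip = ['<', '>', '"', ' '];` at the top of the function would keep the copies in step. Only rows in `profile` are rewritten; if the same fields are also cached in other tables (not visible in this diff), those copies would keep their old values until refreshed, which is worth stating in a comment above the function.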