Commit e976b387 authored by sikeda's avatar sikeda
Browse files

[-dev] Sympa::get_url(): Rejecting malformed inputs.


git-svn-id: https://subversion.renater.fr/sympa/branches/sympa-6.2-branch@12727 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent 17c87847
......@@ -54,6 +54,7 @@ use Conf;
use Sympa::Constants;
use Sympa::Language;
use Sympa::Log;
use Sympa::Regexps;
use Sympa::Spindle::ProcessTemplate;
use Sympa::Ticket;
use Sympa::Tools::Data;
......@@ -1383,9 +1384,12 @@ sub get_url {
}
}
unless ($host_port) {
my $hostport_re = Sympa::Regexps::hostport();
my $ipv6_re = Sympa::Regexps::ipv6();
unless ($host_port and $host_port =~ /\A$hostport_re\z/) {
# Try authority locally given.
if ($host_port = $ENV{HTTP_HOST}) {
if ( $host_port = $ENV{HTTP_HOST}
and $host_port =~ /\A$hostport_re\z/) {
;
} else {
# HTTP/1.0 or earlier?
......@@ -1395,7 +1399,7 @@ sub get_url {
}
if ($host_port) {
if ($host_port !~ /[^:0-9a-f]/i and $host_port =~ /:.*:/) {
if ($host_port =~ /\A$ipv6_re\z/) {
# IPv6 address not enclosed.
$host_port = "[$host_port]";
}
......@@ -1403,7 +1407,7 @@ sub get_url {
$host_port .= ':'
. ($port ? $port : ($uri->scheme eq 'https') ? 443 : 80);
}
$uri->host_port($host_port);
$uri->host_port(lc $host_port);
}
$base = $uri->canonical->as_string;
......@@ -1415,12 +1419,13 @@ sub get_url {
}
$base .= '/nomenu' if $options{nomenu};
$base .= '/' . $action if defined $action and length $action;
if (ref $that eq 'Sympa::List') {
$base .= '/' . ($action || 'info');
return Sympa::Tools::Text::weburl($base,
[$that->{'name'}, @{$options{paths} || []}], %options);
} else {
$base .= '/' . $action if $action;
return Sympa::Tools::Text::weburl($base, $options{paths}, %options);
}
}
......
......@@ -35,9 +35,18 @@ use constant email => qr'([\w\-\_\.\/\+\=\'\&]+|\".*\")\@[\w\-]+(\.[\w\-]+)+';
use constant family_name => qr'[a-z0-9][a-z0-9\-\.\+_]*';
## Allow \s for template names
use constant template_name => qr'[a-zA-Z0-9][a-zA-Z0-9\-\.\+_\s]*';
use constant host => qr'[\w\.\-]+';
#FIXME: Not matching with IPv6 address.
use constant host => qr'[\w\.\-]+';
use constant hostport => qr{(?:
[-.\w]+ (?::\d+)?
| [:0-9a-f]*:[:0-9a-f]*:[:0-9a-f]*
| \[ [:0-9a-f]*:[:0-9a-f]*:[:0-9a-f]* \] (?::\d+)?
)}ix;
use constant ipv6 => qr'[:0-9a-f]*:[:0-9a-f]*:[:0-9a-f]*'i;
#FIXME: Cannot contain IPv6 address.
use constant multiple_host_with_port =>
'[\w\.\-]+(:\d+)?(,[\w\.\-]+(:\d+)?)*';
#FIXME: Cannot contain IPv6 address.
use constant multiple_host_or_url =>
qr'([-\w]+://.+|[-.\w]+(:\d+)?)(,([-\w]+://.+|[-.\w]+(:\d+)?))*';
use constant listname => qr'[a-z0-9][a-z0-9\-\.\+_]*';
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment