[CVE-2023-22729] Escaped double slash is absolute URL
This commit is contained in:
parent
92061a3ba6
commit
1a5bb4cbec
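--- a/src/Control/Director.php
+++ b/src/Control/Director.php
@@ -822,10 +822,11 @@ class Director implements TemplateGlobalProvider
 return (
 // Base check for existence of a host on a compliant URL
 parse_url($url ?? '', PHP_URL_HOST)
-// Check for more than one leading slash without a protocol.
+// Check for more than one leading slash (forward or backward) without a protocol.
 // While not a RFC compliant absolute URL, it is completed to a valid URL by some browsers,
 // and hence a potential security risk. Single leading slashes are not an issue though.
-|| preg_match('%^\s*/{2,}%', $url ?? '')
+// Note: Need 4 backslashes to have a single non-escaped backslash for regex.
+|| preg_match('%^\s*(\\\\|/){2,}%', $url ?? '')
 || (
 // If a colon is found, check if it's part of a valid scheme definition
 // (meaning its not preceded by a slash).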
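Review bot: The alternation `(\\\\|/){2,}` on the new preg_match line creates a capturing group that nothing reads; a character class says "two or more of either slash" more directly and avoids the capture: `|| preg_match('%^\s*[\\\\/]{2,}%', $url ?? '')`. The note above it states that four backslashes are needed but not why; `// Single-quoted PHP collapses \\\\ to \\, which PCRE then reads as one literal backslash.` would let the next reader verify the count instead of trusting it. The return expression this hunk sits in starts and ends outside the hunk, so the surrounding parse_url and scheme checks cannot be reviewed here.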
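--- a/tests/php/Control/DirectorTest.php
+++ b/tests/php/Control/DirectorTest.php
@@ -232,6 +232,9 @@ class DirectorTest extends SapphireTest
 public function testIsAbsoluteUrl()
 {
 $this->assertTrue(Director::is_absolute_url('http://test.com/testpage'));
+$this->assertTrue(Director::is_absolute_url('https:/\\test.com'));
+$this->assertTrue(Director::is_absolute_url('https:\\/test.com'));
+$this->assertTrue(Director::is_absolute_url('https:\\\\test.com'));
 $this->assertTrue(Director::is_absolute_url('ftp://test.com'));
 $this->assertFalse(Director::is_absolute_url('test.com/testpage'));
 $this->assertFalse(Director::is_absolute_url('/relative'));
@@ -241,6 +244,11 @@ class DirectorTest extends SapphireTest
 $this->assertTrue(Director::is_absolute_url("https://test.com/?url=http://foo.com"));
 $this->assertTrue(Director::is_absolute_url("trickparseurl:http://test.com"));
 $this->assertTrue(Director::is_absolute_url('//test.com'));
+$this->assertTrue(Director::is_absolute_url('\\/\\/test.com'));
+$this->assertTrue(Director::is_absolute_url('\/\/test.com'));
+$this->assertTrue(Director::is_absolute_url('/\\test.com'));
+$this->assertTrue(Director::is_absolute_url('\\\\test.com'));
+$this->assertFalse(Director::is_absolute_url('\\test.com'));
 $this->assertTrue(Director::is_absolute_url('/////test.com'));
 $this->assertTrue(Director::is_absolute_url(' ///test.com'));
 $this->assertTrue(Director::is_absolute_url('http:test.com'));
@@ -258,8 +266,17 @@ class DirectorTest extends SapphireTest
 {
 $this->assertFalse(Director::is_relative_url('http://test.com'));
 $this->assertFalse(Director::is_relative_url('https://test.com'));
+$this->assertFalse(Director::is_relative_url('https:/\\test.com'));
+$this->assertFalse(Director::is_relative_url('https:\\/test.com'));
+$this->assertFalse(Director::is_relative_url('https:\\\\test.com'));
 $this->assertFalse(Director::is_relative_url(' https://test.com/testpage '));
 $this->assertTrue(Director::is_relative_url('test.com/testpage'));
+$this->assertFalse(Director::is_relative_url('//test.com'));
+$this->assertFalse(Director::is_relative_url('\\/\\/test.com'));
+$this->assertFalse(Director::is_relative_url('\/\/test.com'));
+$this->assertFalse(Director::is_relative_url('/\\test.com'));
+$this->assertFalse(Director::is_relative_url('\\\\test.com'));
+$this->assertTrue(Director::is_relative_url('\\test.com'));
 $this->assertFalse(Director::is_relative_url('ftp://test.com'));
 $this->assertTrue(Director::is_relative_url('/relative'));
 $this->assertTrue(Director::is_relative_url('relative'));
@@ -401,17 +418,34 @@ class DirectorTest extends SapphireTest
 );
 }
 
-/**
- * Mostly tested by {@link testIsRelativeUrl()},
- * just adding the host name matching aspect here.
- */
 public function testIsSiteUrl()
 {
-$this->assertFalse(Director::is_site_url("http://test.com"));
+$this->assertFalse(Director::is_site_url('http://test.com'));
+$this->assertTrue(Director::is_site_url('/relative-path'));
+$this->assertTrue(Director::is_site_url('relative-path'));
 $this->assertTrue(Director::is_site_url(Director::absoluteBaseURL()));
-$this->assertFalse(Director::is_site_url("http://test.com?url=" . Director::absoluteBaseURL()));
-$this->assertFalse(Director::is_site_url("http://test.com?url=" . urlencode(Director::absoluteBaseURL() ?? '')));
-$this->assertFalse(Director::is_site_url("//test.com?url=" . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('http://test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('http://test.com?url=' . urlencode(Director::absoluteBaseURL() ?? '')));
+$this->assertFalse(Director::is_site_url('http:\\\\test.com'));
+$this->assertFalse(Director::is_site_url('http:\\\\test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('http:\\\\test.com?url=' . urlencode(Director::absoluteBaseURL() ?? '')));
+$this->assertFalse(Director::is_site_url('http:\\/test.com'));
+$this->assertFalse(Director::is_site_url('http:\\/test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('http:\\/test.com?url=' . urlencode(Director::absoluteBaseURL() ?? '')));
+$this->assertFalse(Director::is_site_url('//test.com'));
+$this->assertFalse(Director::is_site_url('//test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('\\/\\/test.com'));
+$this->assertFalse(Director::is_site_url('\\/\\/test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('\/\/test.com'));
+$this->assertFalse(Director::is_site_url('\/\/test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('\\/test.com'));
+$this->assertFalse(Director::is_site_url('\\/test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('/\\test.com'));
+$this->assertFalse(Director::is_site_url('/\\test.com?url=' . Director::absoluteBaseURL()));
+$this->assertFalse(Director::is_site_url('\\\\test.com'));
+$this->assertFalse(Director::is_site_url('\\\\test.com?url=' . Director::absoluteBaseURL()));
+$this->assertTrue(Director::is_site_url('\\test.com'));
+$this->assertTrue(Director::is_site_url('\\test.com?url=' . Director::absoluteBaseURL()));
 $this->assertFalse(Director::is_site_url('http://google.com\@test.com'));
 $this->assertFalse(Director::is_site_url('http://google.com/@test.com'));
 $this->assertFalse(Director::is_site_url('http://google.com:pass\@test.com'));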
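Review bot: In the `@@ -241` hunk the two added assertions on `'\\/\\/test.com'` and `'\/\/test.com'` pass the identical runtime string, because `\/` is not an escape sequence in a single-quoted PHP literal and both evaluate to `\/\/test.com`; the suite therefore counts one case twice. The same duplicated pair recurs in the `@@ -258` hunk and, together with their `?url=` companions, in the `@@ -401` hunk. Dropping one of each pair, or pointing the second at a genuinely different literal if another mixed-slash shape was meant, keeps the coverage honest. A comment at the first pair such as `// In single quotes \/ stays two characters, so '\\/' and '\/' spell the same string` would stop the confusion being repeated.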