Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
This commit is contained in:
commit
39b62e5fbb
@ -728,13 +728,26 @@ class Director implements TemplateGlobalProvider
|
||||
*/
|
||||
public static function is_site_url($url)
|
||||
{
|
||||
$urlHost = parse_url($url, PHP_URL_HOST);
|
||||
$actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST);
|
||||
if ($urlHost && $actualHost && $urlHost == $actualHost) {
|
||||
return true;
|
||||
} else {
|
||||
return self::is_relative_url($url);
|
||||
$parsedURL = parse_url($url);
|
||||
|
||||
// Validate user (disallow slashes)
|
||||
if (!empty($parsedURL['user']) && strstr($parsedURL['user'], '\\')) {
|
||||
return false;
|
||||
}
|
||||
if (!empty($parsedURL['pass']) && strstr($parsedURL['pass'], '\\')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Validate host[:port]
|
||||
$actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST);
|
||||
if (!empty($parsedURL['host'])
|
||||
&& $actualHost
|
||||
&& $parsedURL['host'] === $actualHost
|
||||
) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return self::is_relative_url($url);
|
||||
}
|
||||
|
||||
/**
|
||||
|
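Review bot: The result of `parse_url($url)` on the first added line is used without checking for `false`, which parse_url returns for seriously malformed input; in that case the `$parsedURL['user']` / `['pass']` / `['host']` reads silently evaluate as empty and the function falls through to `is_relative_url()` instead of rejecting the URL outright. Given that the purpose of this change is to reject malformed URLs, an explicit guard right after that line would make the intent hold for every parse failure: `if ($parsedURL === false) { return false; }`. Separately, the comment `// Validate host[:port]` overstates what follows — only `host` is compared, the port is never read — so either compare `$parsedURL['port']` against the port of `self::protocolAndHost()` or reword the comment to `// Validate host`. The `strstr()` calls work but are used purely as a boolean containment test; `strpos($parsedURL['user'], '\\') !== false` (or `str_contains` where the PHP floor allows it) states that more directly.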
@ -380,6 +380,10 @@ class DirectorTest extends SapphireTest
|
||||
$this->assertFalse(Director::is_site_url("http://test.com?url=" . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url("http://test.com?url=" . urlencode(Director::absoluteBaseURL())));
|
||||
$this->assertFalse(Director::is_site_url("//test.com?url=" . Director::absoluteBaseURL()));
|
||||
$this->assertFalse(Director::is_site_url('http://google.com\@test.com'));
|
||||
$this->assertFalse(Director::is_site_url('http://google.com/@test.com'));
|
||||
$this->assertFalse(Director::is_site_url('http://google.com:pass\@test.com'));
|
||||
$this->assertFalse(Director::is_site_url('http://google.com:pass/@test.com'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
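Review bot: The new assertions cover only the rejected shapes (backslash or slash in userinfo); there is no positive case confirming that a URL on the site's own host with an ordinary userinfo segment is still accepted, nor a case for input that `parse_url()` cannot parse at all, so a regression that tightened the check too far or left the unparsable path undefined would not be caught here. Something along the lines of `$this->assertTrue(Director::is_site_url('http://user:pass@' . parse_url(Director::absoluteBaseURL(), PHP_URL_HOST)));` next to the existing absoluteBaseURL-based assertions would pin the intended behaviour from both sides. The enclosing test method starts outside this hunk.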