Merge pull request #61 from silverstripe-security/pulls/4.0/ss-2018-008
[ss-2018-008] Validate against malformed urls
This commit is contained in:
commit
39b62e5fbb
@ -728,13 +728,26 @@ class Director implements TemplateGlobalProvider
|
|||||||
*/
|
*/
|
||||||
public static function is_site_url($url)
|
public static function is_site_url($url)
|
||||||
{
|
{
|
||||||
$urlHost = parse_url($url, PHP_URL_HOST);
|
$parsedURL = parse_url($url);
|
||||||
$actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST);
|
|
||||||
if ($urlHost && $actualHost && $urlHost == $actualHost) {
|
// Validate user (disallow slashes)
|
||||||
return true;
|
if (!empty($parsedURL['user']) && strstr($parsedURL['user'], '\\')) {
|
||||||
} else {
|
return false;
|
||||||
return self::is_relative_url($url);
|
|
||||||
}
|
}
|
||||||
|
if (!empty($parsedURL['pass']) && strstr($parsedURL['pass'], '\\')) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate host[:port]
|
||||||
|
$actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST);
|
||||||
|
if (!empty($parsedURL['host'])
|
||||||
|
&& $actualHost
|
||||||
|
&& $parsedURL['host'] === $actualHost
|
||||||
|
) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return self::is_relative_url($url);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
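Review bot: parse_url() returns false for a URL it cannot parse, and the new body never checks for that after `$parsedURL = parse_url($url);`, so `$parsedURL['user']`, `['pass']` and `['host']` are read from false (silently null inside empty()) and the call falls through to is_relative_url(), meaning a URL that is malformed enough to defeat the parser is judged by a helper outside this hunk rather than rejected. Given that the commit exists to validate malformed URLs, I would add `if ($parsedURL === false) { return false; }` directly after the parse_url() call. The comment `// Validate host[:port]` overstates what the block does: only `host` is compared and the port is never read, so `// Validate host (the port is not compared)` would be accurate. Using strstr() purely as a boolean test is a small style point; `strpos($parsedURL['user'], '\\') !== false` states the intent more directly, and the same applies to the `pass` check.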
@ -380,6 +380,10 @@ class DirectorTest extends SapphireTest
|
|||||||
$this->assertFalse(Director::is_site_url("http://test.com?url=" . Director::absoluteBaseURL()));
|
$this->assertFalse(Director::is_site_url("http://test.com?url=" . Director::absoluteBaseURL()));
|
||||||
$this->assertFalse(Director::is_site_url("http://test.com?url=" . urlencode(Director::absoluteBaseURL())));
|
$this->assertFalse(Director::is_site_url("http://test.com?url=" . urlencode(Director::absoluteBaseURL())));
|
||||||
$this->assertFalse(Director::is_site_url("//test.com?url=" . Director::absoluteBaseURL()));
|
$this->assertFalse(Director::is_site_url("//test.com?url=" . Director::absoluteBaseURL()));
|
||||||
|
$this->assertFalse(Director::is_site_url('http://google.com\@test.com'));
|
||||||
|
$this->assertFalse(Director::is_site_url('http://google.com/@test.com'));
|
||||||
|
$this->assertFalse(Director::is_site_url('http://google.com:pass\@test.com'));
|
||||||
|
$this->assertFalse(Director::is_site_url('http://google.com:pass/@test.com'));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
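Review bot: The four new assertions do not necessarily exercise the new user/pass backslash branch, because in every added URL the host that parse_url() yields is `test.com`, which presumably differs from the test base host, so is_site_url() would already return false from the host comparison alone even without the new checks. A test that pins the new behaviour needs the site host after the `@`, for example `$this->assertFalse(Director::is_site_url('http://google.com\@' . parse_url(Director::absoluteBaseURL(), PHP_URL_HOST)));`, and a companion `assertTrue` for a plain `user:pass@` URL on the site host would show the guard does not reject well-formed userinfo. The enclosing test method starts before this hunk.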