[ss-2018-008] Validate against malformed urls

This commit is contained in:
Damian Mooyman 2018-04-10 16:45:14 +12:00 committed by Robbie Averill
parent e967ab09a2
commit 9053014a7e
2 changed files with 23 additions and 6 deletions

View File

@ -728,13 +728,26 @@ class Director implements TemplateGlobalProvider
*/
public static function is_site_url($url)
{
$urlHost = parse_url($url, PHP_URL_HOST);
$actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST);
if ($urlHost && $actualHost && $urlHost == $actualHost) {
return true;
} else {
return self::is_relative_url($url);
$parsedURL = parse_url($url);
// Validate user (disallow slashes)
if (!empty($parsedURL['user']) && strstr($parsedURL['user'], '\\')) {
return false;
}
if (!empty($parsedURL['pass']) && strstr($parsedURL['pass'], '\\')) {
return false;
}
// Validate host[:port]
$actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST);
if (!empty($parsedURL['host'])
&& $actualHost
&& $parsedURL['host'] === $actualHost
) {
return true;
}
return self::is_relative_url($url);
}
/**

View File

@ -380,6 +380,10 @@ class DirectorTest extends SapphireTest
$this->assertFalse(Director::is_site_url("http://test.com?url=" . Director::absoluteBaseURL()));
$this->assertFalse(Director::is_site_url("http://test.com?url=" . urlencode(Director::absoluteBaseURL())));
$this->assertFalse(Director::is_site_url("//test.com?url=" . Director::absoluteBaseURL()));
$this->assertFalse(Director::is_site_url('http://google.com\@test.com'));
$this->assertFalse(Director::is_site_url('http://google.com/@test.com'));
$this->assertFalse(Director::is_site_url('http://google.com:pass\@test.com'));
$this->assertFalse(Director::is_site_url('http://google.com:pass/@test.com'));
}
/**