cuqmbr/rss-bridge
1
0
Fork 0
mirror of https://github.com/RSS-Bridge/rss-bridge.git synced 2025-04-12 01:48:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: too strict url validation in feed item (#3058)

Browse Source 
Urls such as https://example.com/réponse were rejected

Fix https://github.com/RSS-Bridge/rss-bridge/issues/3018#issuecomment-1254159203
This commit is contained in:
Dag 2022-09-21 23:07:56 +02:00 committed by GitHub
parent 9d871e8a45
commit aacba5b1a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/FeedItem.php
View File

@ -154,27 +154,17 @@ class FeedItem
Debug::log('The item provided as URI is unknown!'); Debug::log('The item provided as URI is unknown!');
} }
} }
if (!is_string($uri)) { if (!is_string($uri)) {
Debug::log('URI must be a string!'); Debug::log(sprintf('Expected $uri to be string but got %s', gettype($uri)));
} elseif ( return $this;
!filter_var(
$uri,
FILTER_VALIDATE_URL,
FILTER_FLAG_PATH_REQUIRED
)
) {
Debug::log(sprintf('Not a valid url: "%s"', $uri));
} else {
$scheme = parse_url($uri, PHP_URL_SCHEME);
if ($scheme !== 'http' && $scheme !== 'https') {
Debug::log('URI scheme must be "http" or "https"!');
} else {
$this->uri = trim($uri);
}
} }
$uri = trim($uri);
// Intentionally doing a weak url validation here because FILTER_VALIDATE_URL is too strict
if (!preg_match('#^https?://#i', $uri)) {
Debug::log(sprintf('Not a valid url: "%s"', $uri));
return $this;
}
$this->uri = $uri;
return $this; return $this;
} }