diff options
| author | Chocobozzz <me@florianbigard.com> | 2017-12-21 09:56:59 +0100 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2017-12-21 09:56:59 +0100 |
| commit | 225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5 (patch) | |
| tree | 9dc8fa039e820229fd3ecb386d6f63bf02e16698 /server/helpers | |
| parent | 6725d05c5f71e0cdf0deba6692220b73e42e7ffa (diff) | |
| download | PeerTube-225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5.tar.gz PeerTube-225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5.tar.zst PeerTube-225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5.zip | |
Sanitize url to not end with implicit ports
Diffstat (limited to 'server/helpers')
| -rw-r--r-- | server/helpers/core-utils.ts | 22 | ||||
| -rw-r--r-- | server/helpers/custom-validators/webfinger.ts | 5 |
2 files changed, 25 insertions, 2 deletions
diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts index 443115336..0c6c36d11 100644 --- a/server/helpers/core-utils.ts +++ b/server/helpers/core-utils.ts | |||
| @@ -11,6 +11,26 @@ import * as mkdirp from 'mkdirp' | |||
| 11 | import { join } from 'path' | 11 | import { join } from 'path' |
| 12 | import * as pem from 'pem' | 12 | import * as pem from 'pem' |
| 13 | import * as rimraf from 'rimraf' | 13 | import * as rimraf from 'rimraf' |
| 14 | import { URL } from 'url' | ||
| 15 | |||
| 16 | function sanitizeUrl (url: string) { | ||
| 17 | const urlObject = new URL(url) | ||
| 18 | |||
| 19 | if (urlObject.protocol === 'https:' && urlObject.port === '443') { | ||
| 20 | urlObject.port = '' | ||
| 21 | } else if (urlObject.protocol === 'http:' && urlObject.port === '80') { | ||
| 22 | urlObject.port = '' | ||
| 23 | } | ||
| 24 | |||
| 25 | return urlObject.href.replace(/\/$/, '') | ||
| 26 | } | ||
| 27 | |||
| 28 | // Don't import remote scheme from constants because we are in core utils | ||
| 29 | function sanitizeHost (host: string, remoteScheme: string) { | ||
| 30 | let toRemove = remoteScheme === 'https' ? 443 : 80 | ||
| 31 | |||
| 32 | return host.replace(new RegExp(`:${toRemove}$`), '') | ||
| 33 | } | ||
| 14 | 34 | ||
| 15 | function isTestInstance () { | 35 | function isTestInstance () { |
| 16 | return process.env.NODE_ENV === 'test' | 36 | return process.env.NODE_ENV === 'test' |
| @@ -114,6 +134,8 @@ export { | |||
| 114 | root, | 134 | root, |
| 115 | escapeHTML, | 135 | escapeHTML, |
| 116 | pageToStartAndCount, | 136 | pageToStartAndCount, |
| 137 | sanitizeUrl, | ||
| 138 | sanitizeHost, | ||
| 117 | 139 | ||
| 118 | promisify0, | 140 | promisify0, |
| 119 | promisify1, | 141 | promisify1, |
diff --git a/server/helpers/custom-validators/webfinger.ts b/server/helpers/custom-validators/webfinger.ts index 1b9aad444..46f1ac210 100644 --- a/server/helpers/custom-validators/webfinger.ts +++ b/server/helpers/custom-validators/webfinger.ts | |||
| @@ -1,4 +1,5 @@ | |||
| 1 | import { CONFIG } from '../../initializers' | 1 | import { CONFIG, REMOTE_SCHEME } from '../../initializers' |
| 2 | import { sanitizeHost } from '../core-utils' | ||
| 2 | import { exists } from './misc' | 3 | import { exists } from './misc' |
| 3 | 4 | ||
| 4 | function isWebfingerResourceValid (value: string) { | 5 | function isWebfingerResourceValid (value: string) { |
| @@ -11,7 +12,7 @@ function isWebfingerResourceValid (value: string) { | |||
| 11 | 12 | ||
| 12 | const host = actorParts[1] | 13 | const host = actorParts[1] |
| 13 | 14 | ||
| 14 | return host === CONFIG.WEBSERVER.HOSTNAME || host === CONFIG.WEBSERVER.HOST | 15 | return sanitizeHost(host, REMOTE_SCHEME.HTTP) === CONFIG.WEBSERVER.HOSTNAME |
| 15 | } | 16 | } |
| 16 | 17 | ||
| 17 | // --------------------------------------------------------------------------- | 18 | // --------------------------------------------------------------------------- |