diff options
author | Chocobozzz <me@florianbigard.com> | 2017-12-21 09:56:59 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2017-12-21 09:56:59 +0100 |
commit | 225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5 (patch) | |
tree | 9dc8fa039e820229fd3ecb386d6f63bf02e16698 /server/helpers | |
parent | 6725d05c5f71e0cdf0deba6692220b73e42e7ffa (diff) | |
download | PeerTube-225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5.tar.gz PeerTube-225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5.tar.zst PeerTube-225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5.zip |
Sanitize url to not end with implicit ports
Diffstat (limited to 'server/helpers')
-rw-r--r-- | server/helpers/core-utils.ts | 22 | ||||
-rw-r--r-- | server/helpers/custom-validators/webfinger.ts | 5 |
2 files changed, 25 insertions, 2 deletions
diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts index 443115336..0c6c36d11 100644 --- a/server/helpers/core-utils.ts +++ b/server/helpers/core-utils.ts | |||
@@ -11,6 +11,26 @@ import * as mkdirp from 'mkdirp' | |||
11 | import { join } from 'path' | 11 | import { join } from 'path' |
12 | import * as pem from 'pem' | 12 | import * as pem from 'pem' |
13 | import * as rimraf from 'rimraf' | 13 | import * as rimraf from 'rimraf' |
14 | import { URL } from 'url' | ||
15 | |||
16 | function sanitizeUrl (url: string) { | ||
17 | const urlObject = new URL(url) | ||
18 | |||
19 | if (urlObject.protocol === 'https:' && urlObject.port === '443') { | ||
20 | urlObject.port = '' | ||
21 | } else if (urlObject.protocol === 'http:' && urlObject.port === '80') { | ||
22 | urlObject.port = '' | ||
23 | } | ||
24 | |||
25 | return urlObject.href.replace(/\/$/, '') | ||
26 | } | ||
27 | |||
28 | // Don't import remote scheme from constants because we are in core utils | ||
29 | function sanitizeHost (host: string, remoteScheme: string) { | ||
30 | let toRemove = remoteScheme === 'https' ? 443 : 80 | ||
31 | |||
32 | return host.replace(new RegExp(`:${toRemove}$`), '') | ||
33 | } | ||
14 | 34 | ||
15 | function isTestInstance () { | 35 | function isTestInstance () { |
16 | return process.env.NODE_ENV === 'test' | 36 | return process.env.NODE_ENV === 'test' |
@@ -114,6 +134,8 @@ export { | |||
114 | root, | 134 | root, |
115 | escapeHTML, | 135 | escapeHTML, |
116 | pageToStartAndCount, | 136 | pageToStartAndCount, |
137 | sanitizeUrl, | ||
138 | sanitizeHost, | ||
117 | 139 | ||
118 | promisify0, | 140 | promisify0, |
119 | promisify1, | 141 | promisify1, |
diff --git a/server/helpers/custom-validators/webfinger.ts b/server/helpers/custom-validators/webfinger.ts index 1b9aad444..46f1ac210 100644 --- a/server/helpers/custom-validators/webfinger.ts +++ b/server/helpers/custom-validators/webfinger.ts | |||
@@ -1,4 +1,5 @@ | |||
1 | import { CONFIG } from '../../initializers' | 1 | import { CONFIG, REMOTE_SCHEME } from '../../initializers' |
2 | import { sanitizeHost } from '../core-utils' | ||
2 | import { exists } from './misc' | 3 | import { exists } from './misc' |
3 | 4 | ||
4 | function isWebfingerResourceValid (value: string) { | 5 | function isWebfingerResourceValid (value: string) { |
@@ -11,7 +12,7 @@ function isWebfingerResourceValid (value: string) { | |||
11 | 12 | ||
12 | const host = actorParts[1] | 13 | const host = actorParts[1] |
13 | 14 | ||
14 | return host === CONFIG.WEBSERVER.HOSTNAME || host === CONFIG.WEBSERVER.HOST | 15 | return sanitizeHost(host, REMOTE_SCHEME.HTTP) === CONFIG.WEBSERVER.HOSTNAME |
15 | } | 16 | } |
16 | 17 | ||
17 | // --------------------------------------------------------------------------- | 18 | // --------------------------------------------------------------------------- |