properly sanitize all URLs, also use sanitized URLs in messages base URL deduction
This commit is contained in:
Martin Rotter
parent
03df575fc6
commit
b0a11288cb
|
|
@ -30,7 +30,7 @@
|
|||
<url type="donation">https://martinrotter.github.io/donate/</url>
|
||||
<content_rating type="oars-1.1" />
|
||||
<releases>
|
||||
<release version="3.9.2" date="2021-07-12"/>
|
||||
<release version="3.9.2" date="2021-07-14"/>
|
||||
</releases>
|
||||
<content_rating type="oars-1.0">
|
||||
<content_attribute id="violence-cartoon">none</content_attribute>
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@
|
|||
#include "miscellaneous/skinfactory.h"
|
||||
#include "network-web/adblock/adblockicon.h"
|
||||
#include "network-web/adblock/adblockmanager.h"
|
||||
#include "network-web/networkfactory.h"
|
||||
#include "network-web/webfactory.h"
|
||||
#include "network-web/webpage.h"
|
||||
|
||||
|
|
@ -151,7 +152,7 @@ void WebViewer::loadMessages(const QList<Message>& messages, RootItem* root) {
|
|||
m_messageBaseUrl = QString();
|
||||
|
||||
if (feed != nullptr) {
|
||||
QUrl url(feed->source());
|
||||
QUrl url(NetworkFactory::sanitizeUrl(feed->source()));
|
||||
|
||||
if (url.isValid()) {
|
||||
m_messageBaseUrl = url.scheme() + QSL("://") + url.host();
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
#include "miscellaneous/application.h"
|
||||
#include "miscellaneous/iofactory.h"
|
||||
#include "network-web/cookiejar.h"
|
||||
#include "network-web/networkfactory.h"
|
||||
#include "network-web/silentnetworkaccessmanager.h"
|
||||
#include "network-web/webfactory.h"
|
||||
|
||||
|
|
@ -60,15 +61,14 @@ void Downloader::manipulateData(const QString& url,
|
|||
bool protected_contents,
|
||||
const QString& username,
|
||||
const QString& password) {
|
||||
|
||||
auto cookies = CookieJar::extractCookiesFromUrl(url);
|
||||
QString sanitized_url = NetworkFactory::sanitizeUrl(url);
|
||||
auto cookies = CookieJar::extractCookiesFromUrl(sanitized_url);
|
||||
|
||||
if (!cookies.isEmpty()) {
|
||||
qApp->web()->cookieJar()->setCookiesFromUrl(cookies, url);
|
||||
qApp->web()->cookieJar()->setCookiesFromUrl(cookies, sanitized_url);
|
||||
}
|
||||
|
||||
QNetworkRequest request;
|
||||
QString non_const_url = url;
|
||||
QHashIterator<QByteArray, QByteArray> i(m_customHeaders);
|
||||
|
||||
while (i.hasNext()) {
|
||||
|
|
@ -82,15 +82,7 @@ void Downloader::manipulateData(const QString& url,
|
|||
// Set url for this request and fire it up.
|
||||
m_timer->setInterval(timeout);
|
||||
|
||||
if (non_const_url.startsWith(URI_SCHEME_FEED)) {
|
||||
qDebugNN << LOGSEC_NETWORK
|
||||
<< "Replacing URI schemes for"
|
||||
<< QUOTE_W_SPACE_DOT(non_const_url);
|
||||
request.setUrl(non_const_url.replace(QRegularExpression(QString('^') + URI_SCHEME_FEED), QString(URI_SCHEME_HTTP)));
|
||||
}
|
||||
else {
|
||||
request.setUrl(non_const_url);
|
||||
}
|
||||
request.setUrl(qApp->web()->processFeedUriScheme(sanitized_url));
|
||||
|
||||
m_targetProtected = protected_contents;
|
||||
m_targetUsername = username;
|
||||
|
|
|
|||
|
|
@ -137,6 +137,11 @@ QString NetworkFactory::networkErrorText(QNetworkReply::NetworkError error_code)
|
|||
}
|
||||
}
|
||||
|
||||
QString NetworkFactory::sanitizeUrl(const QString& url) {
|
||||
return QString(url).replace(QRegularExpression(QSL("[^\\w\\-.~:\\/?#\\[\\]@!$&'()*+,;=%]")),
|
||||
QString());
|
||||
}
|
||||
|
||||
QNetworkReply::NetworkError NetworkFactory::downloadIcon(const QList<QPair<QString, bool>>& urls, int timeout,
|
||||
QIcon& output, const QNetworkProxy& custom_proxy) {
|
||||
QNetworkReply::NetworkError network_result = QNetworkReply::NetworkError::UnknownNetworkError;
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ class NetworkFactory {
|
|||
|
||||
// Returns human readable text for given network error.
|
||||
static QString networkErrorText(QNetworkReply::NetworkError error_code);
|
||||
static QString sanitizeUrl(const QString& url);
|
||||
|
||||
// Performs SYNCHRONOUS download if favicon for the site,
|
||||
// given URL belongs to.
|
||||
|
|
|
|||
|
|
@ -92,18 +92,16 @@ QString FeedParser::rawXmlChild(const QDomElement& container) const {
|
|||
auto children = container.childNodes();
|
||||
|
||||
for (int i = 0; i < children.size(); i++) {
|
||||
QString raw_ch;
|
||||
|
||||
if (children.at(i).isCDATASection()) {
|
||||
raw_ch = children.at(i).toCDATASection().data();
|
||||
raw += children.at(i).toCDATASection().data();
|
||||
}
|
||||
else {
|
||||
QString raw_ch;
|
||||
QTextStream str(&raw_ch);
|
||||
|
||||
children.at(i).save(str, 0);
|
||||
raw += qApp->web()->unescapeHtml(raw_ch);
|
||||
}
|
||||
|
||||
raw += qApp->web()->unescapeHtml(raw_ch);
|
||||
}
|
||||
|
||||
return raw;
|
||||
|
|
|
|||
Loading…
Reference in New Issue