properly sanitize all URLs, also use sanitized URLs in messages base URL deduction
parent
03df575fc6
commit
b0a11288cb
|
@ -30,7 +30,7 @@
|
||||||
<url type="donation">https://martinrotter.github.io/donate/</url>
|
<url type="donation">https://martinrotter.github.io/donate/</url>
|
||||||
<content_rating type="oars-1.1" />
|
<content_rating type="oars-1.1" />
|
||||||
<releases>
|
<releases>
|
||||||
<release version="3.9.2" date="2021-07-12"/>
|
<release version="3.9.2" date="2021-07-14"/>
|
||||||
</releases>
|
</releases>
|
||||||
<content_rating type="oars-1.0">
|
<content_rating type="oars-1.0">
|
||||||
<content_attribute id="violence-cartoon">none</content_attribute>
|
<content_attribute id="violence-cartoon">none</content_attribute>
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
#include "miscellaneous/skinfactory.h"
|
#include "miscellaneous/skinfactory.h"
|
||||||
#include "network-web/adblock/adblockicon.h"
|
#include "network-web/adblock/adblockicon.h"
|
||||||
#include "network-web/adblock/adblockmanager.h"
|
#include "network-web/adblock/adblockmanager.h"
|
||||||
|
#include "network-web/networkfactory.h"
|
||||||
#include "network-web/webfactory.h"
|
#include "network-web/webfactory.h"
|
||||||
#include "network-web/webpage.h"
|
#include "network-web/webpage.h"
|
||||||
|
|
||||||
|
@ -151,7 +152,7 @@ void WebViewer::loadMessages(const QList<Message>& messages, RootItem* root) {
|
||||||
m_messageBaseUrl = QString();
|
m_messageBaseUrl = QString();
|
||||||
|
|
||||||
if (feed != nullptr) {
|
if (feed != nullptr) {
|
||||||
QUrl url(feed->source());
|
QUrl url(NetworkFactory::sanitizeUrl(feed->source()));
|
||||||
|
|
||||||
if (url.isValid()) {
|
if (url.isValid()) {
|
||||||
m_messageBaseUrl = url.scheme() + QSL("://") + url.host();
|
m_messageBaseUrl = url.scheme() + QSL("://") + url.host();
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
#include "miscellaneous/application.h"
|
#include "miscellaneous/application.h"
|
||||||
#include "miscellaneous/iofactory.h"
|
#include "miscellaneous/iofactory.h"
|
||||||
#include "network-web/cookiejar.h"
|
#include "network-web/cookiejar.h"
|
||||||
|
#include "network-web/networkfactory.h"
|
||||||
#include "network-web/silentnetworkaccessmanager.h"
|
#include "network-web/silentnetworkaccessmanager.h"
|
||||||
#include "network-web/webfactory.h"
|
#include "network-web/webfactory.h"
|
||||||
|
|
||||||
|
@ -60,15 +61,14 @@ void Downloader::manipulateData(const QString& url,
|
||||||
bool protected_contents,
|
bool protected_contents,
|
||||||
const QString& username,
|
const QString& username,
|
||||||
const QString& password) {
|
const QString& password) {
|
||||||
|
QString sanitized_url = NetworkFactory::sanitizeUrl(url);
|
||||||
auto cookies = CookieJar::extractCookiesFromUrl(url);
|
auto cookies = CookieJar::extractCookiesFromUrl(sanitized_url);
|
||||||
|
|
||||||
if (!cookies.isEmpty()) {
|
if (!cookies.isEmpty()) {
|
||||||
qApp->web()->cookieJar()->setCookiesFromUrl(cookies, url);
|
qApp->web()->cookieJar()->setCookiesFromUrl(cookies, sanitized_url);
|
||||||
}
|
}
|
||||||
|
|
||||||
QNetworkRequest request;
|
QNetworkRequest request;
|
||||||
QString non_const_url = url;
|
|
||||||
QHashIterator<QByteArray, QByteArray> i(m_customHeaders);
|
QHashIterator<QByteArray, QByteArray> i(m_customHeaders);
|
||||||
|
|
||||||
while (i.hasNext()) {
|
while (i.hasNext()) {
|
||||||
|
@ -82,15 +82,7 @@ void Downloader::manipulateData(const QString& url,
|
||||||
// Set url for this request and fire it up.
|
// Set url for this request and fire it up.
|
||||||
m_timer->setInterval(timeout);
|
m_timer->setInterval(timeout);
|
||||||
|
|
||||||
if (non_const_url.startsWith(URI_SCHEME_FEED)) {
|
request.setUrl(qApp->web()->processFeedUriScheme(sanitized_url));
|
||||||
qDebugNN << LOGSEC_NETWORK
|
|
||||||
<< "Replacing URI schemes for"
|
|
||||||
<< QUOTE_W_SPACE_DOT(non_const_url);
|
|
||||||
request.setUrl(non_const_url.replace(QRegularExpression(QString('^') + URI_SCHEME_FEED), QString(URI_SCHEME_HTTP)));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
request.setUrl(non_const_url);
|
|
||||||
}
|
|
||||||
|
|
||||||
m_targetProtected = protected_contents;
|
m_targetProtected = protected_contents;
|
||||||
m_targetUsername = username;
|
m_targetUsername = username;
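Review bot: Nothing in `manipulateData` records when `NetworkFactory::sanitizeUrl(url)` returns a string that differs from `url`, so a request that later carries `username`/`password` can be sent to an address other than the one the caller passed, without any trace. A check right after the assignment would make that visible, e.g. `if (sanitized_url != url) { qWarningNN << LOGSEC_NETWORK << "URL was altered by sanitization."; }`, keeping the URL's query part out of the message in case it carries tokens. The debug line about replacing the feed scheme was also dropped here; whether `processFeedUriScheme` logs it is not visible on this page. The function body starts and ends outside these hunks.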
|
||||||
|
|
|
@ -137,6 +137,11 @@ QString NetworkFactory::networkErrorText(QNetworkReply::NetworkError error_code)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
QString NetworkFactory::sanitizeUrl(const QString& url) {
|
||||||
|
return QString(url).replace(QRegularExpression(QSL("[^\\w\\-.~:\\/?#\\[\\]@!$&'()*+,;=%]")),
|
||||||
|
QString());
|
||||||
|
}
|
||||||
|
|
||||||
QNetworkReply::NetworkError NetworkFactory::downloadIcon(const QList<QPair<QString, bool>>& urls, int timeout,
|
QNetworkReply::NetworkError NetworkFactory::downloadIcon(const QList<QPair<QString, bool>>& urls, int timeout,
|
||||||
QIcon& output, const QNetworkProxy& custom_proxy) {
|
QIcon& output, const QNetworkProxy& custom_proxy) {
|
||||||
QNetworkReply::NetworkError network_result = QNetworkReply::NetworkError::UnknownNetworkError;
|
QNetworkReply::NetworkError network_result = QNetworkReply::NetworkError::UnknownNetworkError;
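Review bot: `sanitizeUrl` deletes every character outside its allow-list instead of rejecting or percent-encoding it, and `\w` in a `QRegularExpression` built without `QRegularExpression::UseUnicodePropertiesOption` matches ASCII word characters only. A source URL with an internationalized host or a non-ASCII path therefore comes back as a different, still well-formed URL, and the callers in this commit then use that result for cookies and for the request. Consider letting `QUrl` do the encoding (for example `QUrl(url, QUrl::TolerantMode).toString(QUrl::FullyEncoded)`) or returning an empty string when anything had to be removed, and state the chosen behaviour in a comment above the function. The pattern is also rebuilt on every call; a `static const QRegularExpression` would avoid that.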
|
||||||
|
|
|
@ -28,6 +28,7 @@ class NetworkFactory {
|
||||||
|
|
||||||
// Returns human readable text for given network error.
|
// Returns human readable text for given network error.
|
||||||
static QString networkErrorText(QNetworkReply::NetworkError error_code);
|
static QString networkErrorText(QNetworkReply::NetworkError error_code);
|
||||||
|
static QString sanitizeUrl(const QString& url);
|
||||||
|
|
||||||
// Performs SYNCHRONOUS download if favicon for the site,
|
// Performs SYNCHRONOUS download if favicon for the site,
|
||||||
// given URL belongs to.
|
// given URL belongs to.
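Review bot: `sanitizeUrl` is the only declaration in this hunk without a comment, and its name does not say whether it rejects, encodes or strips. Going by the definition added in this commit, a line such as `// Returns the URL with every character outside the URI character set removed; does not validate or percent-encode.` above the declaration would tell callers that the result can differ from the input. The class body continues outside the hunk.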
|
||||||
|
|
|
@ -92,19 +92,17 @@ QString FeedParser::rawXmlChild(const QDomElement& container) const {
|
||||||
auto children = container.childNodes();
|
auto children = container.childNodes();
|
||||||
|
|
||||||
for (int i = 0; i < children.size(); i++) {
|
for (int i = 0; i < children.size(); i++) {
|
||||||
QString raw_ch;
|
|
||||||
|
|
||||||
if (children.at(i).isCDATASection()) {
|
if (children.at(i).isCDATASection()) {
|
||||||
raw_ch = children.at(i).toCDATASection().data();
|
raw += children.at(i).toCDATASection().data();
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
QString raw_ch;
|
||||||
QTextStream str(&raw_ch);
|
QTextStream str(&raw_ch);
|
||||||
|
|
||||||
children.at(i).save(str, 0);
|
children.at(i).save(str, 0);
|
||||||
}
|
|
||||||
|
|
||||||
raw += qApp->web()->unescapeHtml(raw_ch);
|
raw += qApp->web()->unescapeHtml(raw_ch);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return raw;
|
return raw;
|
||||||
}
|
}
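Review bot: The CDATA branch of the loop now appends `toCDATASection().data()` without going through `unescapeHtml`, while serialized child nodes are still unescaped; the commit title only mentions URL handling, so this change of behaviour is explained nowhere. A comment on the `if`, e.g. `// CDATA is literal text already; only serialized markup is entity-unescaped.`, would record the intent. The string returned in either branch is markup taken from the feed, so the comment on `rawXmlChild` should also say that callers must treat it as untrusted HTML. The function starts before the hunk.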
|
||||||
|
|