Apply tighter sanitization to base URLs.
parent
db8bc3dbb1
commit
553c8bdb9d
|
@ -8,6 +8,7 @@ use App\Entity;
|
|||
use App\Event\GetSyncTasks;
|
||||
use App\Service\Avatar;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use GuzzleHttp\Psr7\Uri;
|
||||
use OpenApi\Annotations as OA;
|
||||
use Stringable;
|
||||
use Symfony\Component\Validator\Constraints as Assert;
|
||||
|
@ -46,7 +47,24 @@ class Settings implements Stringable
|
|||
|
||||
public function setBaseUrl(?string $baseUrl): void
|
||||
{
|
||||
$this->base_url = $this->truncateNullableString($baseUrl);
|
||||
if (null === $baseUrl) {
|
||||
$this->base_url = null;
|
||||
return;
|
||||
}
|
||||
|
||||
// Filter the base URL to avoid trailing slashes and other problems.
|
||||
$baseUri = new Uri($baseUrl);
|
||||
if ('' === $baseUri->getScheme()) {
|
||||
$baseUri = $baseUri->withScheme('http');
|
||||
}
|
||||
if ('/' === $baseUri->getPath()) {
|
||||
$baseUri = $baseUri->withPath('');
|
||||
}
|
||||
if (Uri::isDefaultPort($baseUri)) {
|
||||
$baseUri = $baseUri->withPort(null);
|
||||
}
|
||||
|
||||
$this->base_url = $this->truncateNullableString((string)$baseUri);
|
||||
}
|
||||
|
||||
/**
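Review bot: The new `setBaseUrl()` body never restricts the scheme or checks that a host was parsed: only an empty scheme is replaced with `http`, so a value with any other scheme is stored unchanged, and a scheme-less value such as `example.com` is parsed by `Uri` as a path rather than a host, so adding `http` does not give the intended URL. If this setting is later used to build absolute links (not visible here), an allow-list after the scheme default is safer: `if (!in_array($baseUri->getScheme(), ['http', 'https'], true) || '' === $baseUri->getHost()) { throw new \InvalidArgumentException('Base URL must be an http(s) URL with a host.'); }`. User info, query and fragment are also kept as given; consider `$baseUri = $baseUri->withUserInfo('')->withQuery('')->withFragment('');`. `new Uri($baseUrl)` throws on input it cannot parse and the setter does not catch that, so confirm the caller turns it into a validation error.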
|
||||
|
|
|
@ -76,6 +76,11 @@ class Router implements RouterInterface
|
|||
$baseUrl = $baseUrl->withScheme('https');
|
||||
}
|
||||
|
||||
// Avoid double-trailing slashes in various URLs
|
||||
if ('/' === $baseUrl->getPath()) {
|
||||
$baseUrl = $baseUrl->withPath('');
|
||||
}
|
||||
|
||||
// Filter the base URL so it doesn't say http://site:80 or https://site:443
|
||||
if (Uri::isDefaultPort($baseUrl)) {
|
||||
return $baseUrl->withPort(null);
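Review bot: The added path check matches only a path of exactly `/`, so a base URL with a sub-directory and a trailing slash (a constructed example: `https://site/sub/`) still yields the double slashes the comment says it avoids; `$baseUrl = $baseUrl->withPath(rtrim($baseUrl->getPath(), '/'));` covers both cases. The same three normalization steps are now also written out in `Settings::setBaseUrl()`, so a shared helper would keep the two copies from drifting apart. The enclosing method starts before this hunk and ends after it, so the branches that produce `$baseUrl` were not reviewed.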
|
||||
|
|