Apply tighter sanitization to base URLs.

This commit is contained in:
Buster "Silver Eagle" Neece 2021-06-10 18:28:55 -05:00
parent db8bc3dbb1
commit 553c8bdb9d
No known key found for this signature in database
GPG Key ID: 6D9E12FF03411F4E
2 changed files with 24 additions and 1 deletions


@ -8,6 +8,7 @@ use App\Entity;
use App\Event\GetSyncTasks;
use App\Service\Avatar;
use Doctrine\ORM\Mapping as ORM;
use GuzzleHttp\Psr7\Uri;
use OpenApi\Annotations as OA;
use Stringable;
use Symfony\Component\Validator\Constraints as Assert;
@ -46,7 +47,24 @@ class Settings implements Stringable
public function setBaseUrl(?string $baseUrl): void
{
$this->base_url = $this->truncateNullableString($baseUrl);
if (null === $baseUrl) {
$this->base_url = null;
return;
}
// Filter the base URL to avoid trailing slashes and other problems.
$baseUri = new Uri($baseUrl);
if ('' === $baseUri->getScheme()) {
$baseUri = $baseUri->withScheme('http');
}
if ('/' === $baseUri->getPath()) {
$baseUri = $baseUri->withPath('');
}
if (Uri::isDefaultPort($baseUri)) {
$baseUri = $baseUri->withPort(null);
}
$this->base_url = $this->truncateNullableString((string)$baseUri);
}
/**
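Review bot: A host-less value such as `example.com` survives the new normalisation in setBaseUrl as a broken base URL, because `new Uri($baseUrl)` parses it as a bare path and the `withScheme('http')` fallback then produces `http:example.com` instead of rejecting it. After the scheme fallback, add `if ('' === $baseUri->getHost()) { throw new \InvalidArgumentException('Base URL must include a host.'); }` so the setter fails loudly rather than persisting an unusable value. The Uri constructor itself also throws on input it cannot parse, so callers of this setter (presumably form handling, given the Assert constraints imported in the first hunk) now hit an exception before entity validation runs; a `@throws \InvalidArgumentException` line on the method docblock would make that contract explicit. The `http` default chosen here differs from the `https` scheme visible in the Router hunk below, which may be intentional if that branch is conditional, but is worth confirming.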


@ -76,6 +76,11 @@ class Router implements RouterInterface
$baseUrl = $baseUrl->withScheme('https');
}
// Avoid double-trailing slashes in various URLs
if ('/' === $baseUrl->getPath()) {
$baseUrl = $baseUrl->withPath('');
}
// Filter the base URL so it doesn't say http://site:80 or https://site:443
if (Uri::isDefaultPort($baseUrl)) {
return $baseUrl->withPort(null);