Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-22 16:38:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #4042 from Sooraj-s-98/master

Browse source 
sanitized url in url Validation
This commit is contained in:
Torsten Dittmann 2022-10-10 22:42:49 +02:00 committed by GitHub
commit 92778baf99
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Appwrite/Network/Validator/URL.php
View file

@ -49,11 +49,17 @@ class URL extends Validator
*/
public function isValid($value): bool
{
if (\filter_var($value, FILTER_VALIDATE_URL) === false) {
$sanitizedURL = '';
foreach (str_split($value) as $character) {
$sanitizedURL .= (ord($character) > 127) ? rawurlencode($character) : $character;
}
if (\filter_var($sanitizedURL, FILTER_VALIDATE_URL) === false) {
return false;
}
if (!empty($this->allowedSchemes) && !\in_array(\parse_url($value, PHP_URL_SCHEME), $this->allowedSchemes)) {
if (!empty($this->allowedSchemes) && !\in_array(\parse_url($sanitizedURL, PHP_URL_SCHEME), $this->allowedSchemes)) {
return false;
}

1
tests/unit/Network/Validators/URLTest.php
View file

@ -43,6 +43,7 @@ class URLTest extends TestCase
$this->assertEquals(false, $this->url->isValid('htt@s://example.com'));
$this->assertEquals(true, $this->url->isValid('http://www.example.com/foo%2\u00c2\u00a9zbar'));
$this->assertEquals(true, $this->url->isValid('http://www.example.com/?q=%3Casdf%3E'));
$this->assertEquals(true, $this->url->isValid('https://example.com/foo%2\u00c2\u00ä9zbär'));
}
public function testIsValidAllowedSchemes(): void