From 4a3cef89fd7ebf15bfc6a108ac31f36e469cf80a Mon Sep 17 00:00:00 2001 From: Marvin W Date: Thu, 26 Dec 2019 15:39:12 +0100 Subject: Don't allow newlines in URLs, also clean up on http file transfer detection --- main/src/ui/util/helper.vala | 13 ++++++++++--- plugins/http-files/src/file_provider.vala | 18 +++++++----------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/main/src/ui/util/helper.vala b/main/src/ui/util/helper.vala index 86222b0b..a310de6c 100644 --- a/main/src/ui/util/helper.vala +++ b/main/src/ui/util/helper.vala @@ -5,6 +5,8 @@ using Xmpp; namespace Dino.Ui.Util { +private static Regex url_regex; +private const string[] allowed_schemes = {"http", "https", "ftp", "ftps", "irc", "ircs", "xmpp", "mailto", "sms", "smsto", "mms", "tel", "geo", "openpgp4fpr", "im", "news", "nntp", "sip", "ssh", "bitcoim", "sftp", "magnet", "vnc"}; private const string[] tango_colors_light = {"FCE94F", "FCAF3E", "E9B96E", "8AE234", "729FCF", "AD7FA8", "EF2929"}; private const string[] tango_colors_medium = {"EDD400", "F57900", "C17D11", "73D216", "3465A4", "75507B", "CC0000"}; private const string[] material_colors_800 = {"D32F2F", "C2185B", "7B1FA2", "512DA8", "303F9F", "1976D2", "0288D1", "0097A7", "00796B", "388E3C", "689F38", "AFB42B", "FFA000", "F57C00", "E64A19", "5D4037"}; @@ -246,15 +248,20 @@ public static bool is_24h_format() { return settings_format == "24h" || p_format == " "; } +public static Regex get_url_regex() { + if (url_regex == null) { + url_regex = /\b((https?|ftps?|ircs?|xmpp|mailto|sms|smsto|mms|tel|geo|openpgp4fpr|im|news|nntp|sip|ssh|bitcoin|sftp|magnet|vnc|urn):(\/\/([^\/?#,;!)}>"'»”’\s]+)(\/([^#\s,.;!?)\]}>"'»”’]|[,.;!)\]}>"'»”’][^?#\s])*)?|([^\/#\s,.;!?)\]}>"'»”’]|[,.;!)\]}>"'»”’][^\/?#\s])*)(\?([^#\s,.;!?)\]}>"'»”’]|[,.;!?)\]}>"'»”’][^#\s])+)?(#([^\s,.;!?)\]}>"'»”’]|[,.;!?)\]}>"'»”’][^\s])+)?)/; + } + return url_regex; +} + public static string parse_add_markup(string s_, string? highlight_word, bool parse_links, bool parse_text_markup, bool already_escaped_ = false) { string s = s_; bool already_escaped = already_escaped_; if (parse_links) { - string[] allowed_schemes = new string[] {"http", "https", "ftp", "ftps", "irc", "ircs", "xmpp", "mailto", "sms", "smsto", "mms", "tel", "geo", "openpgp4fpr", "im", "news", "nntp", "sip", "ssh", "bitcoin", "sftp", "magnet", "vnc"}; - Regex url_regex = /\b((https?|ftps?|ircs?|xmpp|mailto|sms|smsto|mms|tel|geo|openpgp4fpr|im|news|nntp|sip|ssh|bitcoin|sftp|magnet|vnc):(\/\/([^\/?#,;!?)}>"'»”’ ]+)(\/([^# ,.;!?)\]}>"'»”’]|[,.;!)\]}>"'»”’][^?# ])*)?|([^\/# ,.;!?)\]}>"'»”’]|[,.;!)\]}>"'»”’][^\/?# ])*)(\?([^# ,.;!?)\]}>"'»”’]|[,.;!?)\]}>"'»”’][^# ])+)?(#([^ ,.;!?)\]}>"'»”’]|[,.;!?)\]}>"'»”’][^ ])+)?)/; MatchInfo match_info; - url_regex.match(s.down(), 0, out match_info); + get_url_regex().match(s.down(), 0, out match_info); if (match_info.matches()) { int start, end; match_info.fetch_pos(0, out start, out end); diff --git a/plugins/http-files/src/file_provider.vala b/plugins/http-files/src/file_provider.vala index 2ce8d96b..a025e37b 100644 --- a/plugins/http-files/src/file_provider.vala +++ b/plugins/http-files/src/file_provider.vala @@ -10,8 +10,8 @@ public class FileProvider : Dino.FileProvider, Object { private StreamInteractor stream_interactor; private Dino.Database dino_db; - private Regex url_regex = /^(?i)\b((?:[a-z][\w-]+:(?:\/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’]))$/; - private Regex omemo_url_regex = /^aesgcm:\/\/(.*)#(([A-Fa-f0-9]{2}){48}|([A-Fa-f0-9]{2}){44})$/; + private static Regex http_url_regex = /^https?:\/\/([^\s#]*)$/; // Spaces are invalid in URLs and we can't use fragments for downloads + private static Regex omemo_url_regex = /^aesgcm:\/\/(.*)#(([A-Fa-f0-9]{2}){48}|([A-Fa-f0-9]{2}){44})$/; public FileProvider(StreamInteractor stream_interactor, Dino.Database dino_db) { this.stream_interactor = stream_interactor; @@ -35,15 +35,11 @@ public class FileProvider : Dino.FileProvider, Object { } public override async bool run(Entities.Message message, Xmpp.MessageStanza stanza, Conversation conversation) { - if (outer.url_regex.match(message.body)) { - string? oob_url = Xmpp.Xep.OutOfBandData.get_url_from_message(stanza); - - bool normal_file = oob_url != null && oob_url == message.body; - bool omemo_file = outer.omemo_url_regex.match(message.body); - - if (normal_file || omemo_file) { - yield outer.on_file_message(message, conversation); - } + string? oob_url = Xmpp.Xep.OutOfBandData.get_url_from_message(stanza); + bool normal_file = oob_url != null && oob_url == message.body && FileProvider.http_url_regex.match(message.body); + bool omemo_file = FileProvider.omemo_url_regex.match(message.body); + if (normal_file || omemo_file) { + yield outer.on_file_message(message, conversation); } return false; } -- cgit v1.2.3-70-g09d2