fix(bot): validate url in pk;import

This commit is contained in:
spiral 2022-12-06 10:15:20 +00:00
parent ac5774df3d
commit 2fea773d7e
No known key found for this signature in database
GPG Key ID: 244A11E4B0BCF40E
4 changed files with 7 additions and 7 deletions

View File

@ -23,11 +23,8 @@ public static class ContextAvatarExt
if (arg.StartsWith("<") && arg.EndsWith(">"))
arg = arg.Substring(1, arg.Length - 2);
if (!Uri.TryCreate(arg, UriKind.Absolute, out var uri))
throw Errors.InvalidUrl(arg);
if (uri.Scheme != "http" && uri.Scheme != "https")
throw Errors.InvalidUrl(arg);
if (!Core.MiscUtils.TryMatchUri(arg, out var uri))
throw Errors.InvalidUrl;
// ToString URL-decodes, which breaks URLs to spaces; AbsoluteUri doesn't
return new ParsedImage { Url = uri.AbsoluteUri, Source = AvatarSource.Url };

View File

@ -36,6 +36,9 @@ public class ImportExport
var url = ctx.RemainderOrNull() ?? ctx.Message.Attachments.FirstOrDefault()?.Url;
if (url == null) throw Errors.NoImportFilePassed;
if (!Core.MiscUtils.TryMatchUri(url, out var _))
throw Errors.InvalidUrl;
await ctx.BusyIndicator(async () =>
{
JObject data;

View File

@ -115,7 +115,7 @@ public static class Errors
public static PKError AvatarDimensionsTooLarge(int width, int height) => new(
$"Image too large ({width}x{height} > {Limits.AvatarDimensionLimit}x{Limits.AvatarDimensionLimit}), try resizing the image.");
public static PKError InvalidUrl(string url) => new("The given URL is invalid.");
public static PKError InvalidUrl => new("The given URL is invalid.");
public static PKError UrlTooLong(string url) =>
new($"The given URL is too long ({url.Length}/{Limits.MaxUriLength} characters).");

View File

@ -21,7 +21,7 @@ public static class AvatarUtils
};
if (!PluralKit.Core.MiscUtils.TryMatchUri(url, out var uri))
throw Errors.InvalidUrl(url);
throw Errors.InvalidUrl;
url = TryRewriteCdnUrl(url);