fix(bot): validate url in pk;import

spiral 2022-12-06 10:15:20 +00:00
parent ac5774df3d
commit 2fea773d7e
No known key found for this signature in database
GPG Key ID: 244A11E4B0BCF40E
4 changed files with 7 additions and 7 deletions


@ -23,11 +23,8 @@ public static class ContextAvatarExt
if (arg.StartsWith("<") && arg.EndsWith(">")) if (arg.StartsWith("<") && arg.EndsWith(">"))
arg = arg.Substring(1, arg.Length - 2); arg = arg.Substring(1, arg.Length - 2);
if (!Uri.TryCreate(arg, UriKind.Absolute, out var uri)) if (!Core.MiscUtils.TryMatchUri(arg, out var uri))
throw Errors.InvalidUrl(arg); throw Errors.InvalidUrl;
if (uri.Scheme != "http" && uri.Scheme != "https")
throw Errors.InvalidUrl(arg);
// ToString URL-decodes, which breaks URLs to spaces; AbsoluteUri doesn't // ToString URL-decodes, which breaks URLs to spaces; AbsoluteUri doesn't
return new ParsedImage { Url = uri.AbsoluteUri, Source = AvatarSource.Url }; return new ParsedImage { Url = uri.AbsoluteUri, Source = AvatarSource.Url };
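Review bot: The explicit `uri.Scheme` comparison against "http" and "https" appears to be dropped in this section, so the scheme restriction on avatar URLs now rests entirely on `Core.MiscUtils.TryMatchUri`, whose body is not shown in this commit. If that helper ever accepts another absolute scheme, this path would pass it through to `ParsedImage.Url` with no second check. I would state the contract at the call site, for example `// TryMatchUri must reject anything that is not an absolute http(s) URL`, and pin it with a unit test on the helper that feeds it non-http schemes. The enclosing method starts and ends outside the hunk.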


@ -36,6 +36,9 @@ public class ImportExport
var url = ctx.RemainderOrNull() ?? ctx.Message.Attachments.FirstOrDefault()?.Url; var url = ctx.RemainderOrNull() ?? ctx.Message.Attachments.FirstOrDefault()?.Url;
if (url == null) throw Errors.NoImportFilePassed; if (url == null) throw Errors.NoImportFilePassed;
if (!Core.MiscUtils.TryMatchUri(url, out var _))
throw Errors.InvalidUrl;
await ctx.BusyIndicator(async () => await ctx.BusyIndicator(async () =>
{ {
JObject data; JObject data;
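Review bot: The added check discards the parsed result (`out var _`) and the raw `url` string continues into the `BusyIndicator` callback, so the value that was validated is not necessarily the value that gets requested. Bind it instead, `if (!Core.MiscUtils.TryMatchUri(url, out var uri))`, and use `uri` for the download. The check is also syntactic only: `url` can come straight from `ctx.RemainderOrNull()`, and a well-formed URL can still name a loopback, link-local or private host. If the callback fetches it from the bot's own network, the request should also be restricted by destination (resolved address, no unchecked redirects) and by response size. The callback body continues outside the hunk, so the fetch itself is inferred rather than visible here.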


@ -115,7 +115,7 @@ public static class Errors
public static PKError AvatarDimensionsTooLarge(int width, int height) => new( public static PKError AvatarDimensionsTooLarge(int width, int height) => new(
$"Image too large ({width}x{height} > {Limits.AvatarDimensionLimit}x{Limits.AvatarDimensionLimit}), try resizing the image."); $"Image too large ({width}x{height} > {Limits.AvatarDimensionLimit}x{Limits.AvatarDimensionLimit}), try resizing the image.");
public static PKError InvalidUrl(string url) => new("The given URL is invalid."); public static PKError InvalidUrl => new("The given URL is invalid.");
public static PKError UrlTooLong(string url) => public static PKError UrlTooLong(string url) =>
new($"The given URL is too long ({url.Length}/{Limits.MaxUriLength} characters)."); new($"The given URL is too long ({url.Length}/{Limits.MaxUriLength} characters).");


@ -21,7 +21,7 @@ public static class AvatarUtils
}; };
if (!PluralKit.Core.MiscUtils.TryMatchUri(url, out var uri)) if (!PluralKit.Core.MiscUtils.TryMatchUri(url, out var uri))
throw Errors.InvalidUrl(url); throw Errors.InvalidUrl;
url = TryRewriteCdnUrl(url); url = TryRewriteCdnUrl(url);