From 9b87e3c6258e8fd57693dbbf6f6d970ec1e22174 Mon Sep 17 00:00:00 2001
From: rootdarkarchon
Date: Thu, 11 May 2023 23:49:08 +0200
Subject: [PATCH] check on normalized url regex and match on titles
---
 .../MareSynchronosServer/Hubs/MareHub.User.cs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
index 4cbe462..654d22a 100644
--- a/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
+++ b/MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
@@ -203,10 +203,10 @@ public partial class MareHub
 var deserialized = JsonSerializer.Deserialize(honorificJson);
 if (deserialized.TryGetProperty("Title", out var honorificTitle))
 {
- var title = honorificTitle.GetString();
- if (title.Contains('.') || title.Contains('/'))
+ var title = honorificTitle.GetString().Normalize(NormalizationForm.FormKD);
+ if (UrlRegex().IsMatch(title))
 {
- await Clients.Caller.Client_ReceiveServerMessage(MessageSeverity.Error, "Your data was not pushed: The usage of . and / in the Honorific titles is prohibited. Remove them to be able to continue to push data.").ConfigureAwait(false);
+ await Clients.Caller.Client_ReceiveServerMessage(MessageSeverity.Error, "Your data was not pushed: The usage of URLs the Honorific titles is prohibited. Remove them to be able to continue to push data.").ConfigureAwait(false);
 throw new HubException("Invalid data provided, Honorific title invalid: " + title);
 }
 }
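Review bot: `honorificTitle.GetString()` returns null when the client sends a JSON null for "Title", so the added `.Normalize(NormalizationForm.FormKD)` call fails with a NullReferenceException instead of the intended HubException, and `GetString()` itself throws for a non-string value. Check the kind before reading it, e.g. `if (honorificTitle.ValueKind != JsonValueKind.String) throw new HubException("Invalid data provided, Honorific title invalid");`. The new client-facing message reads "The usage of URLs the Honorific titles"; the word "in" is missing. The enclosing method starts and ends outside the hunk, so any earlier validation of `honorificJson` is not visible here.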
@@ -504,6 +504,9 @@ public partial class MareHub
 [GeneratedRegex(@"^[A-Z0-9]{40}$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.ECMAScript)]
 private static partial Regex HashRegex();

+ [GeneratedRegex("^[-a-zA-Z0-9@:%._\\+~#=]{1,256}[\\.,][a-zA-Z0-9()]{1,6}\\b(?:[-a-zA-Z0-9()@:%_\\+.~#?&\\/=]*)$")]
+ private static partial Regex UrlRegex();
+
 private ClientPair OppositeEntry(string otherUID) =>
- _dbContext.ClientPairs.AsNoTracking().SingleOrDefault(w => w.User.UID == otherUID && w.OtherUser.UID == UserUID);
+ _dbContext.ClientPairs.AsNoTracking().SingleOrDefault(w => w.User.UID == otherUID && w.OtherUser.UID == UserUID);
 }
\ No newline at end of file
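Review bot: The new `UrlRegex` pattern is anchored with `^` and `$` and none of its character classes contain whitespace, so `IsMatch` only succeeds when the whole title is a single host-like token. A title with any other text around an address is no longer rejected, which is weaker than the `.` and `/` ban this commit replaces. The leading class also omits `/`, so the pattern appears not to cover an address written with a scheme prefix. Consider dropping the anchors (accepting more false positives) and, because the input is client-supplied, bounding the match: `[GeneratedRegex("<pattern without ^ and $>", RegexOptions.CultureInvariant, matchTimeoutMilliseconds: 500)]`. A one-line comment above `UrlRegex()` saying what counts as a URL for this check would make the intent reviewable.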