t0w0bi/ClubPenguinServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check on normalized url regex and match on titles

Browse Source
This commit is contained in:
rootdarkarchon
2023-05-11 23:49:08 +02:00
parent 87c7517a7c
commit 9b87e3c625
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
View File

@@ -203,10 +203,10 @@ public partial class MareHub
var deserialized = JsonSerializer.Deserialize<JsonElement>(honorificJson); var deserialized = JsonSerializer.Deserialize<JsonElement>(honorificJson);
if (deserialized.TryGetProperty("Title", out var honorificTitle)) if (deserialized.TryGetProperty("Title", out var honorificTitle))
{ {
var title = honorificTitle.GetString(); var title = honorificTitle.GetString().Normalize(NormalizationForm.FormKD);
if (title.Contains('.') || title.Contains('/')) if (UrlRegex().IsMatch(title))
{ {
await Clients.Caller.Client_ReceiveServerMessage(MessageSeverity.Error, "Your data was not pushed: The usage of . and / in the Honorific titles is prohibited. Remove them to be able to continue to push data.").ConfigureAwait(false); await Clients.Caller.Client_ReceiveServerMessage(MessageSeverity.Error, "Your data was not pushed: The usage of URLs the Honorific titles is prohibited. Remove them to be able to continue to push data.").ConfigureAwait(false);
throw new HubException("Invalid data provided, Honorific title invalid: " + title); throw new HubException("Invalid data provided, Honorific title invalid: " + title);
} }
} }
@@ -504,6 +504,9 @@ public partial class MareHub
[GeneratedRegex(@"^[A-Z0-9]{40}$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.ECMAScript)] [GeneratedRegex(@"^[A-Z0-9]{40}$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.ECMAScript)]
private static partial Regex HashRegex(); private static partial Regex HashRegex();
[GeneratedRegex("^[-a-zA-Z0-9@:%._\\+~#=]{1,256}[\\.,][a-zA-Z0-9()]{1,6}\\b(?:[-a-zA-Z0-9()@:%_\\+.~#?&\\/=]*)$")]
private static partial Regex UrlRegex();
private ClientPair OppositeEntry(string otherUID) => private ClientPair OppositeEntry(string otherUID) =>
_dbContext.ClientPairs.AsNoTracking().SingleOrDefault(w => w.User.UID == otherUID && w.OtherUser.UID == UserUID); _dbContext.ClientPairs.AsNoTracking().SingleOrDefault(w => w.User.UID == otherUID && w.OtherUser.UID == UserUID);
} }