
Merge pull request #6 from snarfed/callback_validation_bugfix

fix callback param URL validation
pull/7/head
Aaron Parecki 9 years ago
parent
commit
7b51f9e47d
2 changed files with 15 additions and 27 deletions
  1. +5
    -13
      controllers/API.php
  2. +10
    -14
      tests/APITest.php

+ 5
- 13
controllers/API.php View File

@ -54,24 +54,16 @@ class API {
$urlregex = '/^https?:\/\/[^ ]+\.[^ ]+$/'; $urlregex = '/^https?:\/\/[^ ]+\.[^ ]+$/';
# Verify source and target are URLs
if(!preg_match($urlregex, $source) || !preg_match($urlregex, $target)) {
# Verify source, target, and callback are URLs
$callback = $request->get('callback');
if(!preg_match($urlregex, $source) || !preg_match($urlregex, $target) ||
($callback && !preg_match($urlregex, $callback))) {
return $this->respond($response, 400, [ return $this->respond($response, 400, [
'error' => 'invalid_parameter', 'error' => 'invalid_parameter',
'error_description' => 'The source or target parameters were invalid'
'error_description' => 'The source, target, or callback parameters were invalid'
]); ]);
} }
# If a callback was provided, verify it is a URL
if($callback=$request->get('callback')) {
if(!preg_match($urlregex, $source) || !preg_match($urlregex, $target)) {
return $this->respond($response, 400, [
'error' => 'invalid_parameter',
'error_description' => 'The callback parameter was invalid'
]);
}
}
# Verify the token is valid # Verify the token is valid
$role = ORM::for_table('roles')->where('token', $token)->find_one(); $role = ORM::for_table('roles')->where('token', $token)->find_one();
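Review bot: The new guard on the `($callback && !preg_match($urlregex, $callback))` line tests truthiness, so a callback of `"0"` bypasses the regex and reaches whatever uses `$callback` afterwards, while an explicit `$callback !== null && $callback !== ''` would say what is meant. The shared `$urlregex` also anchors with `$` and no `D` modifier, so a value ending in a newline (`http://a.b\n`) passes, and `[^ ]` still admits tabs and other whitespace; `'/^https?:\/\/[^\s]+\.[^\s]+$/D'` or `filter_var($callback, FILTER_VALIDATE_URL)` is a tighter check for all three parameters. If the server later sends a request to the callback, as the parameter name suggests but this hunk does not show, the resolved host should additionally be checked against loopback and private address ranges before that request is made, since a syntactic URL check alone does not cover that. Depending on the request library, `$request->get('callback')` may return an array for `callback[]=...`, which would make `preg_match` fail with an error rather than this handler's 400. The enclosing method starts before and ends after the hunk.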

+ 10
- 14
tests/APITest.php View File

@ -87,20 +87,16 @@ class APITest extends PHPUnit_Framework_TestCase {
public function testInvalidURLs() { public function testInvalidURLs() {
$this->_createExampleAccount(); $this->_createExampleAccount();
$response = $this->webmention(['token'=>'a','source'=>'notaurl','target'=>'alsonotaurl']);
$this->assertEquals(400, $response->getStatusCode());
$data = json_decode($response->getContent());
$this->assertEquals('invalid_parameter', $data->error);
$response = $this->webmention(['token'=>'a','source'=>'http://source.example','target'=>'alsonotaurl']);
$this->assertEquals(400, $response->getStatusCode());
$data = json_decode($response->getContent());
$this->assertEquals('invalid_parameter', $data->error);
$response = $this->webmention(['token'=>'a','source'=>'notaurl','target'=>'http://target.example']);
$this->assertEquals(400, $response->getStatusCode());
$data = json_decode($response->getContent());
$this->assertEquals('invalid_parameter', $data->error);
foreach ([['token'=>'a','source'=>'notaurl','target'=>'alsonotaurl'],
['token'=>'a','source'=>'http://source.example','target'=>'alsonotaurl'],
['token'=>'a','source'=>'notaurl','target'=>'http://target.example'],
['token'=>'a','source'=>'http://source.example','target'=>'http://target.example','callback'=>'notaurl']
] as $params) {
$response = $this->webmention($params);
$this->assertEquals(400, $response->getStatusCode());
$data = json_decode($response->getContent());
$this->assertEquals('invalid_parameter', $data->error);
}
} }
public function testNoLinkToSource() { public function testNoLinkToSource() {
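Review bot: The loop at the `foreach ([['token'=>'a',...` line runs identical assertions for four cases, so a failure reports only the mismatched status code with no indication of which parameter set caused it; passing the case as the assertion message, `$this->assertEquals(400, $response->getStatusCode(), json_encode($params));`, fixes that, and a PHPUnit data provider would be the idiomatic form. The only new case is a malformed callback; nothing shows a well-formed callback being accepted, which is the branch this commit changed, so a request with `'callback'=>'http://callback.example'` asserting that the status is not 400 would catch a regression that rejects every callback. An empty-string or `'0'` callback is also worth pinning, because the new guard in controllers/API.php is a truthiness check rather than a null check.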
