Merge pull request #4487 from BrokenEagle/fix-invalid-url

Fix invalid artist URLs being allowed
evazion
2020-06-29 17:46:13 -05:00
committed by GitHub
2 changed files with 29 additions and 6 deletions


@@ -20,11 +20,9 @@ class ArtistUrl < ApplicationRecord
nil
else
url = url.sub(%r!^https://!, "http://")
url = url.sub(%r!^http://([^/]+)!i) { |domain| domain.downcase }
url = url.sub(%r!^http://blog\d+\.fc2!, "http://blog.fc2")
url = url.sub(%r!^http://blog-imgs-\d+\.fc2!, "http://blog.fc2")
url = url.sub(%r!^http://blog-imgs-\d+-\w+\.fc2!, "http://blog.fc2")
# url = url.sub(%r!^(http://seiga.nicovideo.jp/user/illust/\d+)\?.+!, '\1/')
url = url.sub(%r!^http://pictures.hentai-foundry.com//!, "http://pictures.hentai-foundry.com/")
# the strategy won't always work for twitter because it looks for a status
@@ -97,7 +95,15 @@ class ArtistUrl < ApplicationRecord
end
def normalize
# Perform some normalization with Addressable on the URL itself
# - Converts scheme and hostname to downcase
# - Converts unicode hostname to Punycode
uri = Addressable::URI.parse(url)
uri.site = uri.normalized_site
self.url = uri.to_s
self.normalized_url = self.class.normalize(url)
rescue Addressable::URI::InvalidURIError
# Don't bother normalizing the URL if there is errors
end
def initialize_normalized_url
@@ -112,9 +118,18 @@ class ArtistUrl < ApplicationRecord
end
end
def validate_scheme(uri)
errors[:url] << "'#{uri}' must begin with http:// or https:// " unless uri.scheme.in?(%w[http https])
end
def validate_hostname(uri)
errors[:url] << "'#{uri}' has a hostname '#{uri.host}' that does not contain a dot" unless uri.host&.include?('.')
end
def validate_url_format
uri = Addressable::URI.parse(url)
errors[:url] << "'#{uri}' must begin with http:// or https:// " if !uri.scheme.in?(%w[http https])
validate_scheme(uri)
validate_hostname(uri)
rescue Addressable::URI::InvalidURIError => error
errors[:url] << "'#{uri}' is malformed: #{error}"
end
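Review bot: In `validate_url_format` the rescue branch interpolates `uri`, which is still nil when `Addressable::URI.parse(url)` is the call that raised, so the message reads `'' is malformed: …` and the rejected value is lost; it should use the raw attribute, `errors[:url] << "'#{url}' is malformed: #{error}"`. The new `validate_hostname` only requires a dot somewhere in the host, so values such as `.` or `a.` and IP literals like `127.0.0.1` still pass; if the intent is to accept only real site hostnames, `include?('.')` is too loose and deserves at least a comment stating what is deliberately allowed. Both helpers and `normalize` also call methods on `uri` without a nil guard, and Addressable returns nil for a nil input, so a missing `url` would raise NoMethodError rather than add a validation error unless a presence check elsewhere (not visible in these hunks) prevents it. A short comment on `normalize` noting that `normalized_url` is left unchanged when parsing fails would also help, since the rescue silently skips that assignment.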