From f3896534aea1d67cba842d1da87ba08907aa76ea Mon Sep 17 00:00:00 2001 From: ghost Date: Wed, 6 Sep 2023 13:14:18 +0300 Subject: [PATCH] fix yggdrasil host validation --- src/config/app.php.example | 2 +- src/public/action.php | 26 +++++++++++++------------- src/public/download.php | 15 +++++++-------- src/public/edit.php | 8 ++++---- src/public/index.php | 2 +- src/public/magnet.php | 2 +- src/public/node.php | 2 +- 7 files changed, 28 insertions(+), 29 deletions(-) diff --git a/src/config/app.php.example b/src/config/app.php.example index 83af8c1..0933cb8 100644 --- a/src/config/app.php.example +++ b/src/config/app.php.example @@ -110,7 +110,7 @@ define('COMMENT_MIN_LENGTH', 1); define('COMMENT_MAX_LENGTH', 1000); // Yggdrasil -define('YGGDRASIL_URL_REGEX', '/^0{0,1}[2-3][a-f0-9]{0,2}:/'); // thanks to @ygguser (https://github.com/YGGverse/YGGo/issues/1#issuecomment-1498182228 ) +define('YGGDRASIL_HOST_REGEX', '/^0{0,1}[2-3][a-f0-9]{0,2}:/'); // thanks to @ygguser (https://github.com/YGGverse/YGGo/issues/1#issuecomment-1498182228 ) // Crawler define('CRAWLER_SCRAPE_QUEUE_LIMIT', 1); diff --git a/src/public/action.php b/src/public/action.php index fd00b02..3343c07 100644 --- a/src/public/action.php +++ b/src/public/action.php @@ -35,7 +35,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) case 'jidenticon': // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); @@ -85,7 +85,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) case 'approved': // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); 
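Review bot: The pattern assigned to `YGGDRASIL_HOST_REGEX` in src/config/app.php.example accepts more than the Yggdrasil range, assuming 0200::/7 is the intent: `[a-f0-9]{0,2}` lets first groups such as `2:` or `3a:` pass, and those fall outside it. This constant gates every "Yggdrasil connections only" check in the patch, so requiring exactly two hex digits would be tighter, e.g. `'/^0?[23][a-f0-9]{2}:/'`. The pattern is also anchored only at the start, so it is only meaningful on values already known to be IPv6 addresses; a one-line comment on the define saying so would help.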
@@ -166,7 +166,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) case 'public': // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); @@ -236,7 +236,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) case 'new': // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); @@ -329,7 +329,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) case 'star': // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); @@ -396,7 +396,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) case 'download': // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); @@ -489,7 +489,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) $uri->value))); // Yggdrasil url only - if (!preg_match(YGGDRASIL_URL_REGEX, $url)) + if (!preg_match(YGGDRASIL_HOST_REGEX, $url)) { continue; } @@ -521,7 +521,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) $uri->value))); // Yggdrasil url only - if (!preg_match(YGGDRASIL_URL_REGEX, $url)) + if (!preg_match(YGGDRASIL_HOST_REGEX, $url)) { continue; } 
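Review bot: In src/public/action.php the hunk at -489 still passes `$url` to `preg_match(YGGDRASIL_HOST_REGEX, ...)`, while the equivalent checks in src/public/download.php were switched to the bracket-stripped `$host->value`. The construction of `$url` lies above the hunk, but the trailing `$uri->value)));` suggests it is built as `scheme://host/uri`, as in download.php. If so, a start-anchored host pattern can never match it and every entry is skipped by `continue`. The hunks at -521 and -547 have the same problem. Assuming `$host` is in scope as it is in download.php, the check would read `if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], '', $host->value)))`, with the comment updated to `// Yggdrasil host only`.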
@@ -547,7 +547,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) $uri->value))); // Yggdrasil url only - if (!preg_match(YGGDRASIL_URL_REGEX, $url)) + if (!preg_match(YGGDRASIL_HOST_REGEX, $url)) { continue; } @@ -567,7 +567,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) case 'new': // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); @@ -659,7 +659,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) { if ($url = Yggverse\Parser\Url::parse($tr)) { - if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name))) + if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name))) { $db->initMagnetToAddressTrackerId( $magnetId, @@ -685,7 +685,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) { if ($url = Yggverse\Parser\Url::parse($as)) { - if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name))) + if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name))) { $db->initMagnetToAcceptableSourceId( $magnetId, @@ -705,7 +705,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) { if ($url = Yggverse\Parser\Url::parse($xs)) { - if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name))) + if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name))) { $db->initMagnetToExactSourceId( $magnetId, diff --git a/src/public/download.php b/src/public/download.php index 38d0bfe..7a11103 100644 --- a/src/public/download.php +++ b/src/public/download.php 
@@ -31,7 +31,7 @@ $response = (object) ]; // Yggdrasil connections only - if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) + if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action'); @@ -123,8 +123,8 @@ $response = (object) $host->value, $uri->value))); - // Yggdrasil url only - if (!preg_match(YGGDRASIL_URL_REGEX, $url)) + // Yggdrasil host only + if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $host->value))) { continue; } @@ -154,9 +154,8 @@ $response = (object) $uri->value) : sprintf('%s://%s%s', $scheme->value, $host->value, $uri->value))); - - // Yggdrasil url only - if (!preg_match(YGGDRASIL_URL_REGEX, $url)) + // Yggdrasil host only + if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $host->value))) { continue; } @@ -181,8 +180,8 @@ $response = (object) $host->value, $uri->value))); - // Yggdrasil url only - if (!preg_match(YGGDRASIL_URL_REGEX, $url)) + // Yggdrasil host only + if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $host->value))) { continue; } diff --git a/src/public/edit.php b/src/public/edit.php index 5956aa6..7735947 100644 --- a/src/public/edit.php +++ b/src/public/edit.php @@ -140,7 +140,7 @@ $response = (object) ]; // Yggdrasil connections only -if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) +if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required to enable resource features'); @@ -370,7 +370,7 @@ else { { if ($url = Yggverse\Parser\Url::parse($tr)) { - if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name))) + if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name))) { $db->initMagnetToAddressTrackerId( $magnet->magnetId, 
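Review bot: The new host check in src/public/download.php (hunk at -123, repeated at -154 and -180) tests only the prefix of `$host->value`, so any stored host string that begins with a matching group passes, whatever follows the first colon. Confirming the stripped value is an IPv6 literal before the prefix test closes that gap: `$ip = str_replace(['[',']'], '', $host->value);` then `if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !preg_match(YGGDRASIL_HOST_REGEX, $ip))`. Passing `false` as the `str_replace` replacement relies on coercion to an empty string and would raise a TypeError under `strict_types`; `''` states the intent. The same `str_replace(['[',']'], false, $url->host->name)` form appears in the action.php and edit.php hunks.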
@@ -406,7 +406,7 @@ else { { if ($url = Yggverse\Parser\Url::parse($as)) { - if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name))) + if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name))) { $db->initMagnetToAcceptableSourceId( $magnet->magnetId, @@ -442,7 +442,7 @@ else { { if ($url = Yggverse\Parser\Url::parse($xs)) { - if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name))) + if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name))) { $db->initMagnetToExactSourceId( $magnet->magnetId, diff --git a/src/public/index.php b/src/public/index.php index 2b91762..8b3f988 100644 --- a/src/public/index.php +++ b/src/public/index.php @@ -51,7 +51,7 @@ $response = (object) ]; // Yggdrasil connections only -if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) +if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required to enable resource features'); diff --git a/src/public/magnet.php b/src/public/magnet.php index da870ff..33ed873 100644 --- a/src/public/magnet.php +++ b/src/public/magnet.php @@ -41,7 +41,7 @@ $response = (object) ]; // Yggdrasil connections only -if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) +if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required to enable resource features'); diff --git a/src/public/node.php b/src/public/node.php index 42fca5f..5d4f31d 100644 --- a/src/public/node.php +++ b/src/public/node.php @@ -26,7 +26,7 @@ $response = (object) ]; // Yggdrasil connections only -if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR'])) +if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR'])) { $response->success = false; $response->message = _('Yggdrasil connection required for this action');