
fix yggdrasil host validation

main
ghost 1 year ago
parent
commit
f3896534ae
  1. 2
      src/config/app.php.example
  2. 26
      src/public/action.php
  3. 15
      src/public/download.php
  4. 8
      src/public/edit.php
  5. 2
      src/public/index.php
  6. 2
      src/public/magnet.php
  7. 2
      src/public/node.php

2
src/config/app.php.example

@ -110,7 +110,7 @@ define('COMMENT_MIN_LENGTH', 1); @@ -110,7 +110,7 @@ define('COMMENT_MIN_LENGTH', 1);
define('COMMENT_MAX_LENGTH', 1000);
// Yggdrasil
define('YGGDRASIL_URL_REGEX', '/^0{0,1}[2-3][a-f0-9]{0,2}:/'); // thanks to @ygguser (https://github.com/YGGverse/YGGo/issues/1#issuecomment-1498182228 )
define('YGGDRASIL_HOST_REGEX', '/^0{0,1}[2-3][a-f0-9]{0,2}:/'); // thanks to @ygguser (https://github.com/YGGverse/YGGo/issues/1#issuecomment-1498182228 )
// Crawler
define('CRAWLER_SCRAPE_QUEUE_LIMIT', 1);
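Review bot: The pattern on the `YGGDRASIL_HOST_REGEX` line accepts more than Yggdrasil's 0200::/7 range, because `[a-f0-9]{0,2}` lets `2:` and `20:` through (first group 0x0002 and 0x0020) and nothing after the first colon is checked. Requiring both digits, `'/^0?[23][0-9a-f]{2}:/i'`, rejects the short forms and also accepts upper-case hex. Since this constant gates both `$_SERVER['REMOTE_ADDR']` and hosts taken from parsed URLs, it would be safer to confirm the value is an IPv6 literal first with `filter_var($value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)`. A short comment such as `// prefix check only: first 16-bit group must fall in 0200::/7` would tell operators what the pattern does and does not guarantee.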

26
src/public/action.php

@ -35,7 +35,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -35,7 +35,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
case 'jidenticon':
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -85,7 +85,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -85,7 +85,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
case 'approved':
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -166,7 +166,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -166,7 +166,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
case 'public':
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -236,7 +236,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -236,7 +236,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
case 'new':
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -329,7 +329,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -329,7 +329,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
case 'star':
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -396,7 +396,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -396,7 +396,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
case 'download':
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -489,7 +489,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -489,7 +489,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
$uri->value)));
// Yggdrasil url only
if (!preg_match(YGGDRASIL_URL_REGEX, $url))
if (!preg_match(YGGDRASIL_HOST_REGEX, $url))
{
continue;
}
@ -521,7 +521,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -521,7 +521,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
$uri->value)));
// Yggdrasil url only
if (!preg_match(YGGDRASIL_URL_REGEX, $url))
if (!preg_match(YGGDRASIL_HOST_REGEX, $url))
{
continue;
}
@ -547,7 +547,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -547,7 +547,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
$uri->value)));
// Yggdrasil url only
if (!preg_match(YGGDRASIL_URL_REGEX, $url))
if (!preg_match(YGGDRASIL_HOST_REGEX, $url))
{
continue;
}
@ -567,7 +567,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -567,7 +567,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
case 'new':
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -659,7 +659,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -659,7 +659,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
{
if ($url = Yggverse\Parser\Url::parse($tr))
{
if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name)))
if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name)))
{
$db->initMagnetToAddressTrackerId(
$magnetId,
@ -685,7 +685,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -685,7 +685,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
{
if ($url = Yggverse\Parser\Url::parse($as))
{
if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name)))
if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name)))
{
$db->initMagnetToAcceptableSourceId(
$magnetId,
@ -705,7 +705,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false) @@ -705,7 +705,7 @@ switch (isset($_GET['target']) ? urldecode($_GET['target']) : false)
{
if ($url = Yggverse\Parser\Url::parse($xs))
{
if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name)))
if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name)))
{
$db->initMagnetToExactSourceId(
$magnetId,
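Review bot: The three `// Yggdrasil url only` checks (hunks at 489, 521 and 547) still pass `$url` to `YGGDRASIL_HOST_REGEX`, a pattern anchored at the start of a bare address. If `$url` is assembled with a scheme prefix as in src/public/download.php (the construction is outside these hunks), the match can never succeed and every entry is skipped by `continue`. This commit already moves download.php to the host value, and the same line looks needed here, assuming `$host` is in scope at these points: `if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $host->value)))`.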

15
src/public/download.php

@ -31,7 +31,7 @@ $response = (object) @@ -31,7 +31,7 @@ $response = (object)
];
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
@ -123,8 +123,8 @@ $response = (object) @@ -123,8 +123,8 @@ $response = (object)
$host->value,
$uri->value)));
// Yggdrasil url only
if (!preg_match(YGGDRASIL_URL_REGEX, $url))
// Yggdrasil host only
if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $host->value)))
{
continue;
}
@ -154,9 +154,8 @@ $response = (object) @@ -154,9 +154,8 @@ $response = (object)
$uri->value) : sprintf('%s://%s%s', $scheme->value,
$host->value,
$uri->value)));
// Yggdrasil url only
if (!preg_match(YGGDRASIL_URL_REGEX, $url))
// Yggdrasil host only
if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $host->value)))
{
continue;
}
@ -181,8 +180,8 @@ $response = (object) @@ -181,8 +180,8 @@ $response = (object)
$host->value,
$uri->value)));
// Yggdrasil url only
if (!preg_match(YGGDRASIL_URL_REGEX, $url))
// Yggdrasil host only
if (!preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $host->value)))
{
continue;
}
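Review bot: The new host check calls `str_replace(['[',']'], false, $host->value)`, which passes a boolean as the replacement and removes brackets anywhere in the value rather than only the enclosing pair. `trim($host->value, '[]')` strips just the surrounding brackets and stays valid if the file ever declares `strict_types`: `if (!preg_match(YGGDRASIL_HOST_REGEX, trim($host->value, '[]')))`. The same `str_replace` form appears in src/public/action.php and src/public/edit.php. The loops these checks sit in start and end outside the hunks, so where `$host->value` comes from cannot be confirmed from here.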

8
src/public/edit.php

@ -140,7 +140,7 @@ $response = (object) @@ -140,7 +140,7 @@ $response = (object)
];
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required to enable resource features');
@ -370,7 +370,7 @@ else { @@ -370,7 +370,7 @@ else {
{
if ($url = Yggverse\Parser\Url::parse($tr))
{
if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name)))
if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name)))
{
$db->initMagnetToAddressTrackerId(
$magnet->magnetId,
@ -406,7 +406,7 @@ else { @@ -406,7 +406,7 @@ else {
{
if ($url = Yggverse\Parser\Url::parse($as))
{
if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name)))
if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name)))
{
$db->initMagnetToAcceptableSourceId(
$magnet->magnetId,
@ -442,7 +442,7 @@ else { @@ -442,7 +442,7 @@ else {
{
if ($url = Yggverse\Parser\Url::parse($xs))
{
if (preg_match(YGGDRASIL_URL_REGEX, str_replace(['[',']'], false, $url->host->name)))
if (preg_match(YGGDRASIL_HOST_REGEX, str_replace(['[',']'], false, $url->host->name)))
{
$db->initMagnetToExactSourceId(
$magnet->magnetId,

2
src/public/index.php

@ -51,7 +51,7 @@ $response = (object) @@ -51,7 +51,7 @@ $response = (object)
];
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required to enable resource features');

2
src/public/magnet.php

@ -41,7 +41,7 @@ $response = (object) @@ -41,7 +41,7 @@ $response = (object)
];
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required to enable resource features');

2
src/public/node.php

@ -26,7 +26,7 @@ $response = (object) @@ -26,7 +26,7 @@ $response = (object)
];
// Yggdrasil connections only
if (!preg_match(YGGDRASIL_URL_REGEX, $_SERVER['REMOTE_ADDR']))
if (!preg_match(YGGDRASIL_HOST_REGEX, $_SERVER['REMOTE_ADDR']))
{
$response->success = false;
$response->message = _('Yggdrasil connection required for this action');
