From 9388b856f1ad493265667bcd90e4021b692eafb2 Mon Sep 17 00:00:00 2001 From: Joshua Coales Date: Sat, 10 Oct 2020 00:55:00 +0100 Subject: [PATCH 1/3] [FacebookBridge] Handle mobile links and validate hostname the same between user and group links. --- bridges/FacebookBridge.php | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/bridges/FacebookBridge.php b/bridges/FacebookBridge.php index cb5e30f82cb..9f6597fd73c 100644 --- a/bridges/FacebookBridge.php +++ b/bridges/FacebookBridge.php @@ -215,8 +215,7 @@ private function sanitizeGroup($group) { $urlparts = parse_url($group); - if($urlparts['host'] !== parse_url(self::URI)['host'] - && 'www.' . $urlparts['host'] !== parse_url(self::URI)['host']) { + if(!$this->validateHost($urlparts['host'])) { returnClientError('The host you provided is invalid! Received "' . $urlparts['host'] @@ -236,6 +235,18 @@ private function sanitizeGroup($group) { } + private function validateHost($provided_host) { + // Handle mobile links + if (strpos($provided_host, "m.") === 0) { + $provided_host = substr($provided_host, strlen("m.")); + } + + $facebook_host = parse_url(self::URI)['host']; + + return ($provided_host !== $facebook_host + && 'www.' . $provided_host !== $facebook_host); + } + private function isPublicGroup($html) { // Facebook redirects to the groups about page for non-public groups @@ -348,7 +359,7 @@ private function sanitizeUser($user) { $urlparts = parse_url($user); - if($urlparts['host'] !== parse_url(self::URI)['host']) { + if(!$this->validateHost($urlparts['host'])) { returnClientError('The host you provided is invalid! Received "' . $urlparts['host'] . '", expected "' From c523c7adcbc18c8651c09d60856131d819f08806 Mon Sep 17 00:00:00 2001 
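Review bot: The new `validateHost()` in the second hunk returns true when the host does NOT match, while both call sites (`sanitizeGroup` in the first hunk, `sanitizeUser` in the third) reject on `!$this->validateHost(...)`. As of this revision the bridge therefore refuses Facebook hosts and lets every other host through. Either return the positive condition, `return $provided_host === $facebook_host || 'www.' . $provided_host === $facebook_host;`, or fold this patch into the later one that moves the error into the helper, so that no intermediate revision has the host check inverted. The bodies of `sanitizeGroup` and `sanitizeUser` start and end outside their hunks.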
From: Joshua Coales Date: Mon, 12 Oct 2020 16:31:54 +0100 Subject: [PATCH 2/3] [FacebookBridge] validateHost() to raise exception, rather than duplicating exception raising --- bridges/FacebookBridge.php | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/bridges/FacebookBridge.php b/bridges/FacebookBridge.php index 9f6597fd73c..1ad417a02a4 100644 --- a/bridges/FacebookBridge.php +++ b/bridges/FacebookBridge.php @@ -215,15 +215,7 @@ private function sanitizeGroup($group) { $urlparts = parse_url($group); - if(!$this->validateHost($urlparts['host'])) { - - returnClientError('The host you provided is invalid! Received "' - . $urlparts['host'] - . '", expected "' - . parse_url(self::URI)['host'] - . '"!'); - - } + $this->validateHost($urlparts['host']); return explode('/', $urlparts['path'])[2]; @@ -243,8 +235,14 @@ private function validateHost($provided_host) { $facebook_host = parse_url(self::URI)['host']; - return ($provided_host !== $facebook_host - && 'www.' . $provided_host !== $facebook_host); + if ($provided_host !== $facebook_host + && 'www.' . $provided_host !== $facebook_host) { + returnClientError('The host you provided is invalid! Received "' + . $provided_host + . '", expected "' + . $facebook_host + . '"!'); + } } private function isPublicGroup($html) { @@ -359,13 +357,7 @@ private function sanitizeUser($user) { $urlparts = parse_url($user); - if(!$this->validateHost($urlparts['host'])) { - returnClientError('The host you provided is invalid! Received "' - . $urlparts['host'] - . '", expected "' - . parse_url(self::URI)['host'] - . '"!'); - } + $this->validateHost($urlparts['host']); if(!array_key_exists('path', $urlparts) || $urlparts['path'] === '/') { From 84bfdb953ddac2b1a7ed6f85ff239d0f7876a995 Mon Sep 17 00:00:00 2001 
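Review bot: Both call sites (`sanitizeGroup` in the first hunk, `sanitizeUser` in the third) index `$urlparts['host']` unconditionally, although `parse_url()` omits that key for URLs without an authority part and returns `false` for seriously malformed input. The `sanitizeUser` context already treats `path` as optional via `array_key_exists('path', $urlparts)`, so `host` deserves the same care; as written, the lookup raises an undefined-index notice and `validateHost()` is handed null rather than a string. Something like `$this->validateHost(isset($urlparts['host']) ? $urlparts['host'] : '');` keeps the rejection on the normal client-error path. Whether an earlier URL filter already rules this case out is not visible, because both functions begin outside their hunks.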
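Review bot: The error message in `validateHost()` (second hunk) now prints `$provided_host` after the `m.` prefix has been stripped from it, so it reports a host the user never typed; before this patch the callers printed `$urlparts['host']` unmodified. Keep the input untouched and normalise into a separate variable, e.g. `$host = strpos($provided_host, 'm.') === 0 ? substr($provided_host, 2) : $provided_host;`, then compare `$host` and report `$provided_host`. The comparison is also case-sensitive although host names are not, so applying `strtolower()` before comparing would avoid rejecting `WWW.` spellings. A short docblock would help as well: the method returns nothing and presumably relies on `returnClientError()` aborting the request. Because a user-controlled value goes into the message, whatever renders that message has to escape it, which this hunk does not show.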
From: Joshua Coales Date: Mon, 12 Oct 2020 17:07:00 +0100 Subject: [PATCH 3/3] [FacebookBridge] Swapping spaces for tabs --- bridges/FacebookBridge.php | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/bridges/FacebookBridge.php b/bridges/FacebookBridge.php index 1ad417a02a4..b7681114d04 100644 --- a/bridges/FacebookBridge.php +++ b/bridges/FacebookBridge.php @@ -228,22 +228,22 @@ private function sanitizeGroup($group) { } private function validateHost($provided_host) { - // Handle mobile links - if (strpos($provided_host, "m.") === 0) { - $provided_host = substr($provided_host, strlen("m.")); - } - - $facebook_host = parse_url(self::URI)['host']; - - if ($provided_host !== $facebook_host - && 'www.' . $provided_host !== $facebook_host) { - returnClientError('The host you provided is invalid! Received "' - . $provided_host - . '", expected "' - . $facebook_host - . '"!'); - } - } + // Handle mobile links + if (strpos($provided_host, 'm.') === 0) { + $provided_host = substr($provided_host, strlen('m.')); + } + + $facebook_host = parse_url(self::URI)['host']; + + if ($provided_host !== $facebook_host + && 'www.' . $provided_host !== $facebook_host) { + returnClientError('The host you provided is invalid! Received "' + . $provided_host + . '", expected "' + . $facebook_host + . '"!'); + } + } private function isPublicGroup($html) {