From f9f4115b7baeb9a73b63ecda3397994961071373 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 8 May 2018 21:46:36 +0300
Subject: common: strip login urls from input
---
.../src/main/java/com/juick/util/MessageUtils.java | 25 +++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)
(limited to 'juick-common/src/main/java/com/juick/util')
diff --git a/juick-common/src/main/java/com/juick/util/MessageUtils.java b/juick-common/src/main/java/com/juick/util/MessageUtils.java
index bb7edfc3..932577cb 100644
--- a/juick-common/src/main/java/com/juick/util/MessageUtils.java
+++ b/juick-common/src/main/java/com/juick/util/MessageUtils.java
@@ -22,8 +22,10 @@ import com.juick.Tag;
import com.juick.User;
import org.apache.commons.codec.CharEncoding;
import org.apache.commons.lang3.StringUtils;
+import org.springframework.web.util.UriComponentsBuilder;
import java.io.UnsupportedEncodingException;
+import java.net.URI;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.List;
@@ -55,7 +57,10 @@ public class MessageUtils {
return result;
}
- private static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|<)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?http://juick.com/last?page=2
- msg = msg.replaceAll("((?<=\\s)|(?<=\\A))((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"]*)", "$1$2");
+ msg = msg.replaceAll(regexUrl, "$1$2");
// (http://juick.com/last?page=2)
// (http://juick.com/last?page=2)
@@ -91,7 +96,7 @@ public class MessageUtils {
// http://juick.com/last?page=2
// juick.com
- msg = msg.replaceAll("((?<=\\s)|(?<=\\A))((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"]*)", "$1$3");
+ msg = msg.replaceAll(regexUrl, "$1$3");
// [link text][http://juick.com/last?page=2]
// link text
@@ -268,4 +273,18 @@ public class MessageUtils {
public static boolean isReply(Message message) {
return message.getRid() > 0;
}
+
+ public static String stripNonSafeUrls(String input) {
+ // strip login urls
+ Matcher urlMatcher = Pattern.compile(MessageUtils.regexUrl).matcher(input);
+ while (urlMatcher.find()) {
+ URI uri = URI.create(urlMatcher.group(0));
+ if (uri.getHost().equals("juick.com")) {
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUri(uri);
+ uriComponentsBuilder.replaceQueryParam("hash", StringUtils.EMPTY);
+ input = input.replace(urlMatcher.group(0), uriComponentsBuilder.build().toUriString());
+ }
+ }
+ return input;
+ }
}
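Review bot: stripNonSafeUrls can throw on ordinary user text, because `URI.create(urlMatcher.group(0))` raises IllegalArgumentException for any match that is not valid URI syntax, and `uri.getHost()` can return null, which turns the `.equals("juick.com")` call into a NullPointerException. The host comparison is also exact and case-sensitive although host names are case-insensitive, so a juick.com link written in different letter case keeps its `hash` value; if `www.juick.com` accepts the same parameter, that host needs covering too. `replaceQueryParam("hash", StringUtils.EMPTY)` sets the value to an empty string instead of dropping it, which as far as I can tell also appends `hash=` to juick.com links that had no such parameter; `replaceQueryParam("hash")` with no values removes it. The definition of regexUrl is not readable in this view, so I am assuming group(0) is the bare URL. In the sketch below the catch branch skips unparseable matches, which fails open; reject the input there instead if a login hash must never pass through.

```java
public static String stripNonSafeUrls(String input) {
    // … unchanged: matcher setup and while (urlMatcher.find()) loop header …
        URI uri;
        try {
            uri = URI.create(urlMatcher.group(0));
        } catch (IllegalArgumentException e) {
            // Not parseable as a URI: leave the text untouched (fails open).
            continue;
        }
        String host = uri.getHost();
        if (host != null && host.equalsIgnoreCase("juick.com")) {
            String cleaned = UriComponentsBuilder.fromUri(uri)
                    .replaceQueryParam("hash") // no values: the parameter is removed
                    .build()
                    .toUriString();
            input = input.replace(urlMatcher.group(0), cleaned);
        }
    // … unchanged: end of loop, return input …
```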
--
cgit v1.2.3