From f9f4115b7baeb9a73b63ecda3397994961071373 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Tue, 8 May 2018 21:46:36 +0300 Subject: common: strip login urls from input --- .../src/main/java/com/juick/util/MessageUtils.java | 25 +++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) (limited to 'juick-common/src/main/java/com/juick/util') diff --git a/juick-common/src/main/java/com/juick/util/MessageUtils.java b/juick-common/src/main/java/com/juick/util/MessageUtils.java index bb7edfc3..932577cb 100644 --- a/juick-common/src/main/java/com/juick/util/MessageUtils.java +++ b/juick-common/src/main/java/com/juick/util/MessageUtils.java @@ -22,8 +22,10 @@ import com.juick.Tag; import com.juick.User; import org.apache.commons.codec.CharEncoding; import org.apache.commons.lang3.StringUtils; +import org.springframework.web.util.UriComponentsBuilder; import java.io.UnsupportedEncodingException; +import java.net.URI; import java.net.URLEncoder; import java.util.ArrayList; import java.util.List; @@ -55,7 +57,10 @@ public class MessageUtils { return result; } - private static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|<)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?http://juick.com/last?page=2 - msg = msg.replaceAll("((?<=\\s)|(?<=\\A))((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"]*)", "$1$2"); + msg = msg.replaceAll(regexUrl, "$1$2"); // (http://juick.com/last?page=2) // (http://juick.com/last?page=2) @@ -91,7 +96,7 @@ public class MessageUtils { // http://juick.com/last?page=2 // juick.com - msg = msg.replaceAll("((?<=\\s)|(?<=\\A))((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"]*)", "$1$3"); + msg = msg.replaceAll(regexUrl, "$1$3"); // [link text][http://juick.com/last?page=2] // link text 
@@ -268,4 +273,18 @@ public class MessageUtils {
 public static boolean isReply(Message message) {
 return message.getRid() > 0;
 }
+
+ public static String stripNonSafeUrls(String input) {
+ // strip login urls
+ Matcher urlMatcher = Pattern.compile(MessageUtils.regexUrl).matcher(input);
+ while (urlMatcher.find()) {
+ URI uri = URI.create(urlMatcher.group(0));
+ if (uri.getHost().equals("juick.com")) {
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUri(uri);
+ uriComponentsBuilder.replaceQueryParam("hash", StringUtils.EMPTY);
+ input = input.replace(urlMatcher.group(0), uriComponentsBuilder.build().toUriString());
+ }
+ }
+ return input;
+ }
 }
-- cgit v1.2.3
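Review bot: In `stripNonSafeUrls`, `replaceQueryParam("hash", StringUtils.EMPTY)` sets the parameter to an empty value instead of removing it, so every juick.com link in the input comes back carrying `hash=`, including links that never had one; calling `replaceQueryParam("hash")` with no values removes the parameter. `URI.create` throws `IllegalArgumentException` on text that is not a valid URI, which the URL pattern appears to allow judging by the inline regex this commit replaces, and `uri.getHost()` can return null, so user-supplied text can make this method throw. The host test is an exact, case-sensitive match on `juick.com`, so a login link written with `www.` or different casing would keep its hash, assuming those hosts accept the same parameter. The pattern is also recompiled on every call, which a `static final Pattern` would avoid, and a short Javadoc should state that the method removes the login `hash` query parameter from juick.com links rather than stripping URLs.

```java
    // … unchanged: urlMatcher setup …
    while (urlMatcher.find()) {
        String url = urlMatcher.group(0);
        URI uri;
        try {
            uri = URI.create(url);
        } catch (IllegalArgumentException e) {
            // Matched text is not a valid URI; it is left unchanged here.
            // Reject the input instead if a login link must never pass through.
            continue;
        }
        // getHost() may be null; the constant-first comparison avoids the NPE.
        if ("juick.com".equalsIgnoreCase(uri.getHost())) {
            String cleaned = UriComponentsBuilder.fromUri(uri)
                    .replaceQueryParam("hash") // no values given: the parameter is removed
                    .build()
                    .toUriString();
            input = input.replace(url, cleaned);
        }
    }
    // … unchanged: return input …
```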