From c3f5d83b7beed8a523b8a851df742ef028de5efd Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 17 May 2018 22:26:14 +0300
Subject: fix unsafe urls stripping
---
.../src/main/java/com/juick/util/MessageUtils.java | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'juick-common/src/main/java/com')
diff --git a/juick-common/src/main/java/com/juick/util/MessageUtils.java b/juick-common/src/main/java/com/juick/util/MessageUtils.java
index 5a4b05ca..c9796809 100644
--- a/juick-common/src/main/java/com/juick/util/MessageUtils.java
+++ b/juick-common/src/main/java/com/juick/util/MessageUtils.java
@@ -57,8 +57,12 @@ public class MessageUtils {
return result;
}
- private final static String regexUrl =
- "((?<=\\s)|(?<=\\A))((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"]*)";
+ private final static String urlWhiteSpacePrefix = "((?<=\\s)|(?<=\\A))";
+
+ private final static String urlRegex = "((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\n\\\"]+)/?[^\\s\\n\\\"\\>]*)";
+
+ private final static String urlWithWhitespacesRegex =
+ urlWhiteSpacePrefix + urlRegex;
private final static Pattern regexLinks2 = Pattern.compile("((?<=\\s)|(?<=\\A))([\\[\\{]|<)((?:ht|f)tps?://(?:www\\.)?([^\\/\\s\\\"\\)\\!]+)/?(?:[^\\]\\}](?http://juick.com/last?page=2
- msg = msg.replaceAll(regexUrl, "$1$2");
+ msg = msg.replaceAll(urlWithWhitespacesRegex, "$1$2");
// (http://juick.com/last?page=2)
// (http://juick.com/last?page=2)
@@ -96,7 +100,7 @@ public class MessageUtils {
// http://juick.com/last?page=2
// juick.com
- msg = msg.replaceAll(regexUrl, "$1$3");
+ msg = msg.replaceAll(urlWithWhitespacesRegex, "$1$3");
// [link text][http://juick.com/last?page=2]
// link text
@@ -276,7 +280,7 @@ public class MessageUtils {
public static String stripNonSafeUrls(String input) {
// strip login urls
- Matcher urlMatcher = Pattern.compile(MessageUtils.regexUrl).matcher(input);
+ Matcher urlMatcher = Pattern.compile(MessageUtils.urlRegex).matcher(input);
while (urlMatcher.find()) {
URI uri = URI.create(urlMatcher.group(0));
if (uri.getHost().equals("juick.com")) {
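Review bot: `uri.getHost().equals("juick.com")` on the last line of this hunk is null-unsafe and an exact, case-sensitive match, so the login-URL stripping can throw or be skipped on input that `urlRegex` accepts. `URI.getHost()` returns null when the authority is not a parseable server host, and the regex explicitly allows a `www.` prefix, which yields the host `www.juick.com` and fails the comparison. `if ("juick.com".equalsIgnoreCase(uri.getHost())) {` covers the null and case problems; whether `www.` and other subdomains must also be stripped should be decided explicitly. `URI.create(urlMatcher.group(0))` also throws `IllegalArgumentException` on characters the regex lets through, since the new `\\>` exclusion was added only to the trailing character class of `urlRegex` and not to its host group; message text, presumably user-supplied, can therefore abort the whole call unless the parse failure is caught and handled deliberately. The body of `stripNonSafeUrls` continues outside the hunk, so the stripping step itself is not visible here.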