1
0
mirror of https://github.com/pi-hole/pi-hole synced 2024-12-22 14:58:08 +00:00

Merge pull request #3912 from mdujava/basic_auth

Fix validation of adlist url
This commit is contained in:
DL6ER 2020-12-31 12:19:32 +01:00 committed by GitHub
commit 1791fe22f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 5 deletions

View File

@ -486,10 +486,15 @@ SetWebUITheme() {
} }
CheckUrl(){ CheckUrl(){
local regex local regex check_url
# Check for characters NOT allowed in URLs # Check for characters NOT allowed in URLs
regex="[^a-zA-Z0-9:/?&%=~._-]" regex="[^a-zA-Z0-9:/?&%=~._()-;]"
if [[ "${1}" =~ ${regex} ]]; then
# this will remove first @ that is after schema and before domain
# \1 is optional schema, \2 is userinfo
check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$1" )"
if [[ "${check_url}" =~ ${regex} ]]; then
return 1 return 1
else else
return 0 return 0

View File

@ -393,10 +393,15 @@ gravity_DownloadBlocklists() {
esac esac
echo -e " ${INFO} Target: ${url}" echo -e " ${INFO} Target: ${url}"
local regex local regex check_url
# Check for characters NOT allowed in URLs # Check for characters NOT allowed in URLs
regex="[^a-zA-Z0-9:/?&%=~._()-;]" regex="[^a-zA-Z0-9:/?&%=~._()-;]"
if [[ "${url}" =~ ${regex} ]]; then
# this will remove first @ that is after schema and before domain
# \1 is optional schema, \2 is userinfo
check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$url" )"
if [[ "${check_url}" =~ ${regex} ]]; then
echo -e " ${CROSS} Invalid Target" echo -e " ${CROSS} Invalid Target"
else else
gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}"