mirror of
https://github.com/pi-hole/pi-hole
synced 2024-12-31 19:20:54 +00:00
validate blocklist URL before adding to the database (#3237)
Signed-off-by: Adam Warner <me@adamwarner.co.uk> Co-authored-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
parent
0fad979206
commit
7d19ee1b25
@ -401,22 +401,38 @@ SetWebUILayout() {
|
|||||||
change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"
|
change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CheckUrl(){
|
||||||
|
local regex
|
||||||
|
# Check for characters NOT allowed in URLs
|
||||||
|
regex="[^a-zA-Z0-9:/?&%=~._-]"
|
||||||
|
if [[ "${1}" =~ ${regex} ]]; then
|
||||||
|
return 1
|
||||||
|
else
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
CustomizeAdLists() {
|
CustomizeAdLists() {
|
||||||
local address
|
local address
|
||||||
address="${args[3]}"
|
address="${args[3]}"
|
||||||
local comment
|
local comment
|
||||||
comment="${args[4]}"
|
comment="${args[4]}"
|
||||||
|
|
||||||
if [[ "${args[2]}" == "enable" ]]; then
|
if CheckUrl "${address}"; then
|
||||||
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
|
if [[ "${args[2]}" == "enable" ]]; then
|
||||||
elif [[ "${args[2]}" == "disable" ]]; then
|
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
|
||||||
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
|
elif [[ "${args[2]}" == "disable" ]]; then
|
||||||
elif [[ "${args[2]}" == "add" ]]; then
|
sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
|
||||||
sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
|
elif [[ "${args[2]}" == "add" ]]; then
|
||||||
elif [[ "${args[2]}" == "del" ]]; then
|
sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
|
||||||
sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
|
elif [[ "${args[2]}" == "del" ]]; then
|
||||||
|
sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
|
||||||
|
else
|
||||||
|
echo "Not permitted"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
echo "Not permitted"
|
echo "Invalid Url"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -374,7 +374,14 @@ gravity_DownloadBlocklists() {
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
echo -e " ${INFO} Target: ${url}"
|
echo -e " ${INFO} Target: ${url}"
|
||||||
gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}"
|
local regex
|
||||||
|
# Check for characters NOT allowed in URLs
|
||||||
|
regex="[^a-zA-Z0-9:/?&%=~._-]"
|
||||||
|
if [[ "${url}" =~ ${regex} ]]; then
|
||||||
|
echo -e " ${CROSS} Invalid Target"
|
||||||
|
else
|
||||||
|
gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}"
|
||||||
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
done
|
done
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user