From f6c586986d0b95aecfe3388c24848103981c5326 Mon Sep 17 00:00:00 2001 From: sooraj Date: Fri, 30 Sep 2022 15:58:56 +0530 Subject: [PATCH 1/8] sanitized url in url Validation --- src/Appwrite/Network/Validator/URL.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/Appwrite/Network/Validator/URL.php b/src/Appwrite/Network/Validator/URL.php index b0f8fa230..66099ba34 100644 --- a/src/Appwrite/Network/Validator/URL.php +++ b/src/Appwrite/Network/Validator/URL.php @@ -49,7 +49,13 @@ class URL extends Validator */ public function isValid($value): bool { - if (\filter_var($value, FILTER_VALIDATE_URL) === false) { + $sanitized_url = ''; + + foreach (str_split($value) as $character) { + $sanitized_url .= (ord($character) > 127) ? rawurlencode($character) : $character; + } + + if (\filter_var($sanitized_url, FILTER_VALIDATE_URL) === false) { return false; } From 91f16121d1f87ab3a9514d839d409faf986eb9cc Mon Sep 17 00:00:00 2001 From: sooraj Date: Fri, 30 Sep 2022 18:10:02 +0530 Subject: [PATCH 2/8] adding a test --- tests/unit/Network/Validators/URLTest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/unit/Network/Validators/URLTest.php b/tests/unit/Network/Validators/URLTest.php index da0acceca..332cd0c98 100755 --- a/tests/unit/Network/Validators/URLTest.php +++ b/tests/unit/Network/Validators/URLTest.php @@ -36,6 +36,7 @@ class URLTest extends TestCase $this->assertEquals('Value must be a valid URL', $this->url->getDescription()); $this->assertEquals(true, $this->url->isValid('http://example.com')); $this->assertEquals(true, $this->url->isValid('https://example.com')); + $this->assertEquals(true, $this->url->isValid('https://exämple.com')); $this->assertEquals(true, $this->url->isValid('htts://example.com')); // does not validate protocol $this->assertEquals(false, $this->url->isValid('example.com')); // though, requires some kind of protocol $this->assertEquals(false, $this->url->isValid('http:/example.com')); 
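Review bot: `str_split($value)` now runs before any type check in `isValid()`, so a non-string argument (an array-valued request parameter, for instance) raises a TypeError on PHP 8, where the old `filter_var($value, FILTER_VALIDATE_URL)` call simply returned false. Guarding the top of the method with `if (!\is_string($value)) { return false; }` keeps the validator failing closed on malformed input; the same loop is carried unchanged into the rename in PATCH 8/8. The method still returns only a bool, so callers keep the raw `$value` while the percent-encoded copy is what was actually checked; a comment above the loop such as `// Percent-encode non-ASCII bytes for validation only; the caller's value is not modified` would make that explicit. The body of `isValid()` continues past the end of this hunk.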
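Review bot: The new assertion expects `https://exämple.com` to validate, but the loop in `isValid()` percent-encodes non-ASCII bytes in the host as well as in the path, and as far as I know `FILTER_VALIDATE_URL` rejects a `%` inside an http/https hostname, so this case probably fails. PATCH 5/8 adds the same line to `testIsValidAllowedSchemes` and PATCH 7/8 removes both. If internationalized hostnames are meant to be rejected, pin that with `$this->assertEquals(false, $this->url->isValid('https://exämple.com'));` and a comment saying only the path and query may carry non-ASCII bytes. The test method starts and ends outside this hunk.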
From 0bae88311edec72020480380a669a6901483f269 Mon Sep 17 00:00:00 2001 From: Christy Jacob Date: Mon, 3 Oct 2022 15:30:47 +0530 Subject: [PATCH 3/8] Update PULL_REQUEST_TEMPLATE.md --- .github/PULL_REQUEST_TEMPLATE.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index faa18b5ab..0ff9c2b09 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -21,6 +21,11 @@ Happy contributing! (If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.) +### Have you added your change to the [Changelog](https://github.com/appwrite/appwrite/blob/master/CHANGES.md)? + +(The CHANGES.md file tracks all the changes that make it to the `main` branch. Add your change to this file in the following format ) +- One line description of your PR [#pr_number](Link to your PR) + ### Have you read the [Contributing Guidelines on issues](https://github.com/appwrite/appwrite/blob/master/CONTRIBUTING.md)? (Write your answer here.) From 73c144a75fe86e2f9949f4285729717a11ed410e Mon Sep 17 00:00:00 2001 From: Christy Jacob Date: Tue, 4 Oct 2022 12:29:52 +0530 Subject: [PATCH 4/8] Update .github/PULL_REQUEST_TEMPLATE.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matej Bačo --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 0ff9c2b09..8522022bd 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -23,7 +23,7 @@ Happy contributing! ### Have you added your change to the [Changelog](https://github.com/appwrite/appwrite/blob/master/CHANGES.md)? -(The CHANGES.md file tracks all the changes that make it to the `main` branch. Add your change to this file in the following format ) +(The CHANGES.md file tracks all the changes that make it to the `main` branch. Add your change to this file in the following format) - One line description of your PR [#pr_number](Link to your PR) ### Have you read the [Contributing Guidelines on issues](https://github.com/appwrite/appwrite/blob/master/CONTRIBUTING.md)? From 62f63923c15b978f7e325df3e0f80b5ad65eeb62 Mon Sep 17 00:00:00 2001 From: sooraj Date: Wed, 5 Oct 2022 19:40:05 +0530 Subject: [PATCH 5/8] new test case --- tests/unit/Network/Validators/URLTest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/unit/Network/Validators/URLTest.php b/tests/unit/Network/Validators/URLTest.php index 332cd0c98..22455130b 100755 --- a/tests/unit/Network/Validators/URLTest.php +++ b/tests/unit/Network/Validators/URLTest.php @@ -52,6 +52,7 @@ class URLTest extends TestCase $this->assertEquals('Value must be a valid URL with following schemes (http, https)', $this->url->getDescription()); $this->assertEquals(true, $this->url->isValid('http://example.com')); $this->assertEquals(true, $this->url->isValid('https://example.com')); + $this->assertEquals(true, $this->url->isValid('https://exämple.com')); $this->assertEquals(false, $this->url->isValid('gopher://www.example.com')); } } From 3a2d6da052000538bd60af07ee1e156a58505051 Mon Sep 17 00:00:00 2001 From: sooraj Date: Fri, 7 Oct 2022 06:11:38 +0530 Subject: [PATCH 6/8] sanitized_url add in parse url --- src/Appwrite/Network/Validator/URL.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Appwrite/Network/Validator/URL.php b/src/Appwrite/Network/Validator/URL.php index 66099ba34..9f10f7402 100644 --- a/src/Appwrite/Network/Validator/URL.php 
+++ b/src/Appwrite/Network/Validator/URL.php @@ -59,7 +59,7 @@ class URL extends Validator return false; } - if (!empty($this->allowedSchemes) && !\in_array(\parse_url($value, PHP_URL_SCHEME), $this->allowedSchemes)) { + if (!empty($this->allowedSchemes) && !\in_array(\parse_url($sanitized_url, PHP_URL_SCHEME), $this->allowedSchemes)) { return false; } From 49c0c2d9962a00095bb196882c9706697ba86e74 Mon Sep 17 00:00:00 2001 From: sooraj Date: Fri, 7 Oct 2022 07:39:22 +0530 Subject: [PATCH 7/8] change test case --- tests/unit/Network/Validators/URLTest.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/unit/Network/Validators/URLTest.php b/tests/unit/Network/Validators/URLTest.php index 22455130b..bc43f2562 100755 --- a/tests/unit/Network/Validators/URLTest.php +++ b/tests/unit/Network/Validators/URLTest.php @@ -36,7 +36,6 @@ class URLTest extends TestCase $this->assertEquals('Value must be a valid URL', $this->url->getDescription()); $this->assertEquals(true, $this->url->isValid('http://example.com')); $this->assertEquals(true, $this->url->isValid('https://example.com')); - $this->assertEquals(true, $this->url->isValid('https://exämple.com')); $this->assertEquals(true, $this->url->isValid('htts://example.com')); // does not validate protocol $this->assertEquals(false, $this->url->isValid('example.com')); // though, requires some kind of protocol $this->assertEquals(false, $this->url->isValid('http:/example.com')); @@ -44,6 +43,7 @@ class URLTest extends TestCase $this->assertEquals(false, $this->url->isValid('htt@s://example.com')); $this->assertEquals(true, $this->url->isValid('http://www.example.com/foo%2\u00c2\u00a9zbar')); $this->assertEquals(true, $this->url->isValid('http://www.example.com/?q=%3Casdf%3E')); + $this->assertEquals(true, $this->url->isValid('https://example.com/foo%2\u00c2\u00ä9zbär')); } public function testIsValidAllowedSchemes(): void 
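Review bot: The scheme allow-list check on the changed line compares loosely, because `\in_array(...)` is called without its third argument. Passing `true`, as in `!\in_array(\parse_url($sanitized_url, PHP_URL_SCHEME), $this->allowedSchemes, true)`, makes the match an exact string comparison, which is what an allow-list of schemes should use. `parse_url()` appears to return the scheme as written, so a comment stating that `allowedSchemes` is expected in lower case and that mixed-case schemes are rejected would also help. The enclosing `isValid()` begins before this hunk and continues after it.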
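Review bot: The added case `'https://example.com/foo%2\u00c2\u00ä9zbär'` is a single-quoted string, so `\u00c2` is a literal backslash followed by text rather than a Unicode escape, and `%2\` is not a well-formed percent-escape. The assertion therefore mixes several oddities, and it is hard to tell which behaviour it is meant to pin. A plain case such as `$this->assertEquals(true, $this->url->isValid('https://example.com/bär?q=ä'));` would show the intended behaviour, namely that non-ASCII bytes in the path and query are accepted. The test method begins outside this hunk.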
@@ -52,7 +52,6 @@ class URLTest extends TestCase $this->assertEquals('Value must be a valid URL with following schemes (http, https)', $this->url->getDescription()); $this->assertEquals(true, $this->url->isValid('http://example.com')); $this->assertEquals(true, $this->url->isValid('https://example.com')); - $this->assertEquals(true, $this->url->isValid('https://exämple.com')); $this->assertEquals(false, $this->url->isValid('gopher://www.example.com')); } } From 5958577a6ea400cb79add6e12728151f4534a24d Mon Sep 17 00:00:00 2001 From: sooraj Date: Sat, 8 Oct 2022 06:31:28 +0530 Subject: [PATCH 8/8] camel case update --- src/Appwrite/Network/Validator/URL.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Appwrite/Network/Validator/URL.php b/src/Appwrite/Network/Validator/URL.php index 9f10f7402..40a12420f 100644 --- a/src/Appwrite/Network/Validator/URL.php +++ b/src/Appwrite/Network/Validator/URL.php @@ -49,17 +49,17 @@ class URL extends Validator */ public function isValid($value): bool { - $sanitized_url = ''; + $sanitizedURL = ''; foreach (str_split($value) as $character) { - $sanitized_url .= (ord($character) > 127) ? rawurlencode($character) : $character; + $sanitizedURL .= (ord($character) > 127) ? rawurlencode($character) : $character; } - if (\filter_var($sanitized_url, FILTER_VALIDATE_URL) === false) { + if (\filter_var($sanitizedURL, FILTER_VALIDATE_URL) === false) { return false; } - if (!empty($this->allowedSchemes) && !\in_array(\parse_url($sanitized_url, PHP_URL_SCHEME), $this->allowedSchemes)) { + if (!empty($this->allowedSchemes) && !\in_array(\parse_url($sanitizedURL, PHP_URL_SCHEME), $this->allowedSchemes)) { return false; }