mir/kotatogram-desktop
2
0
Fork 0
mirror of https://github.com/kotatogram/kotatogram-desktop synced 2025-09-04 00:25:17 +00:00
Code Issues Releases Wiki Activity

Don't accept tg:// links in passport callbacks.

Browse Source 
Fixes #5021.
This commit is contained in:
John Preston
2018-07-31 22:51:06 +03:00
parent ae272074b9
commit 90f4187ca9
4 changed files with 49 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
Telegram/SourceFiles/chat_helpers/message_field.cpp
View File

@@ -9,6 +9,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
#include "history/history_widget.h"
#include "base/qthelp_regex.h"
#include "base/qthelp_url.h"
#include "boxes/abstract_box.h"
#include "ui/wrap/vertical_layout.h"
#include "window/window_controller.h"
@@ -72,40 +73,6 @@ private:
};
QRegularExpression RegExpProtocol() {
static const auto result = QRegularExpression("^([a-zA-Z]+)://");
return result;
}
bool IsGoodProtocol(const QString &protocol) {
const auto equals = [&](QLatin1String string) {
return protocol.compare(string, Qt::CaseInsensitive) == 0;
};
return equals(qstr("http"))
|| equals(qstr("https"))
|| equals(qstr("tg"));
}
QString NormalizeUrl(const QString &value) {
const auto trimmed = value.trimmed();
if (trimmed.isEmpty()) {
return QString();
}
const auto match = TextUtilities::RegExpDomainExplicit().match(trimmed);
if (!match.hasMatch()) {
const auto domain = TextUtilities::RegExpDomain().match(trimmed);
if (!domain.hasMatch() || domain.capturedStart() != 0) {
return QString();
}
return qstr("http://") + trimmed;
} else if (match.capturedStart() != 0) {
return QString();
}
const auto protocolMatch = RegExpProtocol().match(trimmed);
Assert(protocolMatch.hasMatch());
return IsGoodProtocol(protocolMatch.captured(1)) ? trimmed : QString();
}
//bool ValidateUrl(const QString &value) {
// const auto match = TextUtilities::RegExpDomain().match(value);
// if (!match.hasMatch() || match.capturedStart() != 0) {
@@ -156,7 +123,7 @@ void EditLinkBox::prepare() {
const auto submit = [=] {
const auto linkText = text->getLastText();
const auto linkUrl = NormalizeUrl(url->getLastText());
const auto linkUrl = qthelp::validate_url(url->getLastText());
if (linkText.isEmpty()) {
text->showError();
return;