mirrors/shlink
1
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2025-03-29 04:52:54 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fixed URL validation still being true by default

Browse source
This commit is contained in:
Alejandro Celaya 2022-02-01 19:12:53 +01:00
parent 48d3ab0cb4
commit 9ea8f3b590
11 changed files with 26 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/constants.php
View file

@ -12,7 +12,7 @@ const MIN_SHORT_CODES_LENGTH = 4;
const DEFAULT_REDIRECT_STATUS_CODE = StatusCodeInterface::STATUS_FOUND; const DEFAULT_REDIRECT_STATUS_CODE = StatusCodeInterface::STATUS_FOUND;
const DEFAULT_REDIRECT_CACHE_LIFETIME = 30; const DEFAULT_REDIRECT_CACHE_LIFETIME = 30;
const LOCAL_LOCK_FACTORY = 'Shlinkio\Shlink\LocalLockFactory'; const LOCAL_LOCK_FACTORY = 'Shlinkio\Shlink\LocalLockFactory';
const TITLE_TAG_VALUE = '/<title[^>]*>(.*?)<\/title>/i'; // Matches the value inside an html title tag const TITLE_TAG_VALUE = '/<title[^>]*>(.*?)<\/title>/i'; // Matches the value inside a html title tag
const DEFAULT_QR_CODE_SIZE = 300; const DEFAULT_QR_CODE_SIZE = 300;
const DEFAULT_QR_CODE_MARGIN = 0; const DEFAULT_QR_CODE_MARGIN = 0;
const DEFAULT_QR_CODE_FORMAT = 'png'; const DEFAULT_QR_CODE_FORMAT = 'png';

6
module/Core/src/Model/ShortUrlEdit.php
View file

@ -29,7 +29,7 @@ final class ShortUrlEdit implements TitleResolutionModelInterface
private bool $titlePropWasProvided = false; private bool $titlePropWasProvided = false;
private ?string $title = null; private ?string $title = null;
private bool $titleWasAutoResolved = false; private bool $titleWasAutoResolved = false;
private ?bool $validateUrl = null; private bool $validateUrl = false;
private bool $crawlablePropWasProvided = false; private bool $crawlablePropWasProvided = false;
private bool $crawlable = false; private bool $crawlable = false;
private bool $forwardQueryPropWasProvided = false; private bool $forwardQueryPropWasProvided = false;
@ -72,7 +72,7 @@ final class ShortUrlEdit implements TitleResolutionModelInterface
$this->validSince = parseDateField($inputFilter->getValue(ShortUrlInputFilter::VALID_SINCE)); $this->validSince = parseDateField($inputFilter->getValue(ShortUrlInputFilter::VALID_SINCE));
$this->validUntil = parseDateField($inputFilter->getValue(ShortUrlInputFilter::VALID_UNTIL)); $this->validUntil = parseDateField($inputFilter->getValue(ShortUrlInputFilter::VALID_UNTIL));
$this->maxVisits = getOptionalIntFromInputFilter($inputFilter, ShortUrlInputFilter::MAX_VISITS); $this->maxVisits = getOptionalIntFromInputFilter($inputFilter, ShortUrlInputFilter::MAX_VISITS);
$this->validateUrl = getOptionalBoolFromInputFilter($inputFilter, ShortUrlInputFilter::VALIDATE_URL); $this->validateUrl = getOptionalBoolFromInputFilter($inputFilter, ShortUrlInputFilter::VALIDATE_URL) ?? false;
$this->tags = $inputFilter->getValue(ShortUrlInputFilter::TAGS); $this->tags = $inputFilter->getValue(ShortUrlInputFilter::TAGS);
$this->title = $inputFilter->getValue(ShortUrlInputFilter::TITLE); $this->title = $inputFilter->getValue(ShortUrlInputFilter::TITLE);
$this->crawlable = $inputFilter->getValue(ShortUrlInputFilter::CRAWLABLE); $this->crawlable = $inputFilter->getValue(ShortUrlInputFilter::CRAWLABLE);
@ -166,7 +166,7 @@ final class ShortUrlEdit implements TitleResolutionModelInterface
return $copy; return $copy;
} }
public function doValidateUrl(): ?bool public function doValidateUrl(): bool
{ {
return $this->validateUrl; return $this->validateUrl;
} }

6
module/Core/src/Model/ShortUrlMeta.php
View file

@ -26,7 +26,7 @@ final class ShortUrlMeta implements TitleResolutionModelInterface
private ?bool $findIfExists = null; private ?bool $findIfExists = null;
private ?string $domain = null; private ?string $domain = null;
private int $shortCodeLength = 5; private int $shortCodeLength = 5;
private ?bool $validateUrl = null; private bool $validateUrl = false;
private ?ApiKey $apiKey = null; private ?ApiKey $apiKey = null;
private array $tags = []; private array $tags = [];
private ?string $title = null; private ?string $title = null;
@ -73,7 +73,7 @@ final class ShortUrlMeta implements TitleResolutionModelInterface
$this->customSlug = $inputFilter->getValue(ShortUrlInputFilter::CUSTOM_SLUG); $this->customSlug = $inputFilter->getValue(ShortUrlInputFilter::CUSTOM_SLUG);
$this->maxVisits = getOptionalIntFromInputFilter($inputFilter, ShortUrlInputFilter::MAX_VISITS); $this->maxVisits = getOptionalIntFromInputFilter($inputFilter, ShortUrlInputFilter::MAX_VISITS);
$this->findIfExists = $inputFilter->getValue(ShortUrlInputFilter::FIND_IF_EXISTS); $this->findIfExists = $inputFilter->getValue(ShortUrlInputFilter::FIND_IF_EXISTS);
$this->validateUrl = getOptionalBoolFromInputFilter($inputFilter, ShortUrlInputFilter::VALIDATE_URL); $this->validateUrl = getOptionalBoolFromInputFilter($inputFilter, ShortUrlInputFilter::VALIDATE_URL) ?? false;
$this->domain = $inputFilter->getValue(ShortUrlInputFilter::DOMAIN); $this->domain = $inputFilter->getValue(ShortUrlInputFilter::DOMAIN);
$this->shortCodeLength = getOptionalIntFromInputFilter( $this->shortCodeLength = getOptionalIntFromInputFilter(
$inputFilter, $inputFilter,
@ -151,7 +151,7 @@ final class ShortUrlMeta implements TitleResolutionModelInterface
return $this->shortCodeLength; return $this->shortCodeLength;
} }
public function doValidateUrl(): ?bool public function doValidateUrl(): bool
{ {
return $this->validateUrl; return $this->validateUrl;
} }

11
module/Core/src/Options/UrlShortenerOptions.php
View file

@ -10,20 +10,9 @@ class UrlShortenerOptions extends AbstractOptions
{ {
protected $__strictMode__ = false; // phpcs:ignore protected $__strictMode__ = false; // phpcs:ignore
private bool $validateUrl = true;
private bool $autoResolveTitles = false; private bool $autoResolveTitles = false;
private bool $appendExtraPath = false; private bool $appendExtraPath = false;
public function isUrlValidationEnabled(): bool
{
return $this->validateUrl;
}
protected function setValidateUrl(bool $validateUrl): void
{
$this->validateUrl = $validateUrl;
}
public function autoResolveTitles(): bool public function autoResolveTitles(): bool
{ {
return $this->autoResolveTitles; return $this->autoResolveTitles;

2
module/Core/src/ShortUrl/Helper/TitleResolutionModelInterface.php
View file

@ -10,7 +10,7 @@ interface TitleResolutionModelInterface
public function getLongUrl(): string; public function getLongUrl(): string;
public function doValidateUrl(): ?bool; public function doValidateUrl(): bool;
public function withResolvedTitle(string $title): self; public function withResolvedTitle(string $title): self;
} }

9
module/Core/src/Util/UrlValidator.php
View file

@ -30,10 +30,8 @@ class UrlValidator implements UrlValidatorInterface, RequestMethodInterface
/** /**
* @throws InvalidUrlException * @throws InvalidUrlException
*/ */
public function validateUrl(string $url, ?bool $doValidate): void public function validateUrl(string $url, bool $doValidate): void
{ {
// If the URL validation is not enabled, or it was explicitly set to not validate, skip check
$doValidate = $doValidate ?? $this->options->isUrlValidationEnabled();
if (! $doValidate) { if (! $doValidate) {
return; return;
} }
@ -41,15 +39,14 @@ class UrlValidator implements UrlValidatorInterface, RequestMethodInterface
$this->validateUrlAndGetResponse($url, true); $this->validateUrlAndGetResponse($url, true);
} }
public function validateUrlWithTitle(string $url, ?bool $doValidate): ?string public function validateUrlWithTitle(string $url, bool $doValidate): ?string
{ {
$doValidate = $doValidate ?? $this->options->isUrlValidationEnabled();
if (! $doValidate && ! $this->options->autoResolveTitles()) { if (! $doValidate && ! $this->options->autoResolveTitles()) {
return null; return null;
} }
$response = $this->validateUrlAndGetResponse($url, $doValidate); $response = $this->validateUrlAndGetResponse($url, $doValidate);
if ($response === null) { if ($response === null || ! $this->options->autoResolveTitles()) {
return null; return null;
} }

4
module/Core/src/Util/UrlValidatorInterface.php
View file

@ -11,10 +11,10 @@ interface UrlValidatorInterface
/** /**
* @throws InvalidUrlException * @throws InvalidUrlException
*/ */
public function validateUrl(string $url, ?bool $doValidate): void; public function validateUrl(string $url, bool $doValidate): void;
/** /**
* @throws InvalidUrlException * @throws InvalidUrlException
*/ */
public function validateUrlWithTitle(string $url, ?bool $doValidate): ?string; public function validateUrlWithTitle(string $url, bool $doValidate): ?string;
} }

4
module/Core/test/ShortUrl/Helper/ShortUrlTitleResolutionHelperTest.php
View file

@ -35,10 +35,10 @@ class ShortUrlTitleResolutionHelperTest extends TestCase
ShortUrlMeta::fromRawData(['longUrl' => $longUrl, 'title' => $title]), ShortUrlMeta::fromRawData(['longUrl' => $longUrl, 'title' => $title]),
); );
$this->urlValidator->validateUrlWithTitle($longUrl, null)->shouldHaveBeenCalledTimes( $this->urlValidator->validateUrlWithTitle($longUrl, false)->shouldHaveBeenCalledTimes(
$validateWithTitleCallsNum, $validateWithTitleCallsNum,
); );
$this->urlValidator->validateUrl($longUrl, null)->shouldHaveBeenCalledTimes($validateCallsNum); $this->urlValidator->validateUrl($longUrl, false)->shouldHaveBeenCalledTimes($validateCallsNum);
} }
public function provideTitles(): iterable public function provideTitles(): iterable

35
module/Core/test/Util/UrlValidatorTest.php
View file

@ -42,7 +42,7 @@ class UrlValidatorTest extends TestCase
$request->shouldBeCalledOnce(); $request->shouldBeCalledOnce();
$this->expectException(InvalidUrlException::class); $this->expectException(InvalidUrlException::class);
$this->urlValidator->validateUrl('http://foobar.com/12345/hello?foo=bar', null); $this->urlValidator->validateUrl('http://foobar.com/12345/hello?foo=bar', true);
} }
/** @test */ /** @test */
@ -65,50 +65,33 @@ class UrlValidatorTest extends TestCase
}), }),
)->willReturn(new Response()); )->willReturn(new Response());
$this->urlValidator->validateUrl($expectedUrl, null); $this->urlValidator->validateUrl($expectedUrl, true);
$request->shouldHaveBeenCalledOnce(); $request->shouldHaveBeenCalledOnce();
} }
/** /** @test */
* @test public function noCheckIsPerformedWhenUrlValidationIsDisabled(): void
* @dataProvider provideDisabledCombinations
*/
public function noCheckIsPerformedWhenUrlValidationIsDisabled(?bool $doValidate, bool $validateUrl): void
{ {
$request = $this->httpClient->request(Argument::cetera())->willReturn(new Response()); $request = $this->httpClient->request(Argument::cetera())->willReturn(new Response());
$this->options->validateUrl = $validateUrl;
$this->urlValidator->validateUrl('', $doValidate); $this->urlValidator->validateUrl('', false);
$request->shouldNotHaveBeenCalled(); $request->shouldNotHaveBeenCalled();
} }
/** /** @test */
* @test public function validateUrlWithTitleReturnsNullWhenRequestFailsAndValidationIsDisabled(): void
* @dataProvider provideDisabledCombinations {
*/
public function validateUrlWithTitleReturnsNullWhenRequestFailsAndValidationIsDisabled(
?bool $doValidate,
bool $validateUrl,
): void {
$request = $this->httpClient->request(Argument::cetera())->willThrow(ClientException::class); $request = $this->httpClient->request(Argument::cetera())->willThrow(ClientException::class);
$this->options->validateUrl = $validateUrl;
$this->options->autoResolveTitles = true; $this->options->autoResolveTitles = true;
$result = $this->urlValidator->validateUrlWithTitle('http://foobar.com/12345/hello?foo=bar', $doValidate); $result = $this->urlValidator->validateUrlWithTitle('http://foobar.com/12345/hello?foo=bar', false);
self::assertNull($result); self::assertNull($result);
$request->shouldHaveBeenCalledOnce(); $request->shouldHaveBeenCalledOnce();
} }
public function provideDisabledCombinations(): iterable
{
yield 'config is disabled and no runtime option is provided' => [null, false];
yield 'config is enabled but runtime option is disabled' => [false, true];
yield 'both config and runtime option are disabled' => [false, false];
}
/** @test */ /** @test */
public function validateUrlWithTitleReturnsNullWhenAutoResolutionIsDisabled(): void public function validateUrlWithTitleReturnsNullWhenAutoResolutionIsDisabled(): void
{ {

2
module/Rest/test-api/Action/CreateShortUrlTest.php
View file

@ -230,7 +230,7 @@ class CreateShortUrlTest extends ApiTestCase
{ {
$expectedDetail = sprintf('Provided URL %s is invalid. Try with a different one.', $url); $expectedDetail = sprintf('Provided URL %s is invalid. Try with a different one.', $url);
[$statusCode, $payload] = $this->createShortUrl(['longUrl' => $url]); [$statusCode, $payload] = $this->createShortUrl(['longUrl' => $url, 'validateUrl' => true]);
self::assertEquals(self::STATUS_BAD_REQUEST, $statusCode); self::assertEquals(self::STATUS_BAD_REQUEST, $statusCode);
self::assertEquals(self::STATUS_BAD_REQUEST, $payload['status']); self::assertEquals(self::STATUS_BAD_REQUEST, $payload['status']);

1
module/Rest/test-api/Action/EditShortUrlTest.php
View file

@ -82,6 +82,7 @@ class EditShortUrlTest extends ApiTestCase
$resp = $this->callApiWithKey(self::METHOD_PATCH, $url, [RequestOptions::JSON => [ $resp = $this->callApiWithKey(self::METHOD_PATCH, $url, [RequestOptions::JSON => [
'longUrl' => $longUrl, 'longUrl' => $longUrl,
'validateUrl' => true,
]]); ]]);
self::assertEquals($expectedStatus, $resp->getStatusCode()); self::assertEquals($expectedStatus, $resp->getStatusCode());