diff options
author | Joas Schilling <coding@schilljs.com> | 2021-10-28 12:48:04 +0300 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2021-11-03 17:00:14 +0300 |
commit | 8d73f7341de7ba2aa5ae72dabe2ee9742cb091ae (patch) | |
tree | 19563096e37845e8edf03580fa0b8dff22b99786 /lib | |
parent | 3b3fc8b25ae3af36129dca21134ad96285b826b8 (diff) |
Use public API of trusted domain helper
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/ChatController.php | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/lib/Controller/ChatController.php b/lib/Controller/ChatController.php index f82d2fd08..4bd64c9d8 100644 --- a/lib/Controller/ChatController.php +++ b/lib/Controller/ChatController.php @@ -24,7 +24,6 @@ declare(strict_types=1); namespace OCA\Talk\Controller; -use OC\Security\TrustedDomainHelper; use OCA\Talk\Chat\AutoComplete\SearchPlugin; use OCA\Talk\Chat\AutoComplete\Sorter; use OCA\Talk\Chat\ChatManager; @@ -53,6 +52,7 @@ use OCP\IRequest; use OCP\IUserManager; use OCP\RichObjectStrings\InvalidObjectExeption; use OCP\RichObjectStrings\IValidator; +use OCP\Security\ITrustedDomainHelper; use OCP\User\Events\UserLiveStatusEvent; use OCP\UserStatus\IManager as IUserStatusManager; use OCP\UserStatus\IUserStatus; @@ -110,7 +110,7 @@ class ChatController extends AEnvironmentAwareController { /** @var IValidator */ protected $richObjectValidator; - /** @var TrustedDomainHelper */ + /** @var ITrustedDomainHelper */ protected $trustedDomainHelper; /** @var IL10N */ @@ -134,7 +134,7 @@ class ChatController extends AEnvironmentAwareController { ITimeFactory $timeFactory, IEventDispatcher $eventDispatcher, IValidator $richObjectValidator, - TrustedDomainHelper $trustedDomainHelper, + ITrustedDomainHelper $trustedDomainHelper, IL10N $l) { parent::__construct($appName, $request); @@ -291,14 +291,8 @@ class ChatController extends AEnvironmentAwareController { $data['type'] = $objectType; $data['id'] = $objectId; - if (isset($data['link'])) { - $parsedUrl = parse_url($data['link']); - $domain = $parsedUrl['host'] ?? ''; - $domain .= isset($parsedUrl['port']) && $parsedUrl['port'] ? (':' . $parsedUrl['port']) : ''; - - if (!$this->trustedDomainHelper->isTrustedDomain($domain)) { - return new DataResponse([], Http::STATUS_BAD_REQUEST); - } + if (isset($data['link']) && !$this->trustedDomainHelper->isTrustedUrl($data['link'])) { + return new DataResponse([], Http::STATUS_BAD_REQUEST); } try { |