diff options
| author | Joas Schilling <coding@schilljs.com> | 2021-09-13 14:10:05 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2021-09-17 09:53:10 +0300 |
| commit | 11903a58d39438099be4472549f8feb6f28f0a56 (patch) | |
| tree | 211f4e74df570f76570971da3b98b29abfee704b /lib | |
| parent | e1b24233569744c9920689921c9cd79509d0a436 (diff) | |
Add some validation to the geo location id
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Chat/ChatManager.php | 2 | ||||
| -rw-r--r-- | lib/Chat/Parser/SystemMessage.php | 9 | ||||
| -rw-r--r-- | lib/Controller/ChatController.php | 5 |
3 files changed, 16 insertions, 0 deletions
diff --git a/lib/Chat/ChatManager.php b/lib/Chat/ChatManager.php index c7de834b3..627af40fa 100644 --- a/lib/Chat/ChatManager.php +++ b/lib/Chat/ChatManager.php @@ -62,6 +62,8 @@ class ChatManager { public const MAX_CHAT_LENGTH = 32000; + public const GEO_LOCATION_VALIDATOR = '/^geo:-?\d{1,2}(\.\d+)?,-?\d{1,3}(\.\d+)?(,-?\d+(\.\d+)?)?(;crs=wgs84)?(;u=\d+(\.\d+)?)?$/i'; + /** @var ICommentsManager */ private $commentsManager; /** @var IEventDispatcher */ diff --git a/lib/Chat/Parser/SystemMessage.php b/lib/Chat/Parser/SystemMessage.php index 8c69a2140..50a8d6a44 100644 --- a/lib/Chat/Parser/SystemMessage.php +++ b/lib/Chat/Parser/SystemMessage.php @@ -25,6 +25,7 @@ namespace OCA\Talk\Chat\Parser; use OCA\Circles\CirclesManager; use OCA\DAV\CardDAV\PhotoCache; +use OCA\Talk\Chat\ChatManager; use OCA\Talk\Exceptions\ParticipantNotFoundException; use OCA\Talk\GuestManager; use OCA\Talk\Model\Attendee; @@ -396,6 +397,14 @@ class SystemMessage { } elseif ($message === 'object_shared') { $parsedParameters['object'] = $parameters['metaData']; $parsedMessage = '{object}'; + + if (isset($parsedParameters['object']['type']) + && $parsedParameters['object']['type'] === 'geo-location' + && !preg_match(ChatManager::GEO_LOCATION_VALIDATOR, $parsedParameters['object']['id'])) { + $parsedParameters = []; + $parsedMessage = $this->l->t('The shared location is malformed'); + } + $chatMessage->setMessageType('comment'); } elseif ($message === 'matterbridge_config_added') { $parsedMessage = $this->l->t('{actor} set up Matterbridge to synchronize this conversation with other chats'); diff --git a/lib/Controller/ChatController.php b/lib/Controller/ChatController.php index 2e22a1cd9..0084240b7 100644 --- a/lib/Controller/ChatController.php +++ b/lib/Controller/ChatController.php @@ -291,6 +291,11 @@ class ChatController extends AEnvironmentAwareController { return new DataResponse([], Http::STATUS_BAD_REQUEST); } + if ($data['type'] === 'geo-location' + && !preg_match(ChatManager::GEO_LOCATION_VALIDATOR, $data['id'])) { + return new DataResponse([], Http::STATUS_BAD_REQUEST); + } + $this->participantService->ensureOneToOneRoomIsFilled($this->room); $creationDateTime = $this->timeFactory->getDateTime('now', new \DateTimeZone('UTC')); |