From e76b5643effc0a38c28a561ce403c97033419398 Mon Sep 17 00:00:00 2001 From: Mnikolenko Productengine Date: Wed, 10 Aug 2016 13:31:25 +0300 Subject: MAINT-6608 FIXED URI parser problem with links with username, password --- indra/llui/llurlentry.cpp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'indra/llui/llurlentry.cpp') diff --git a/indra/llui/llurlentry.cpp b/indra/llui/llurlentry.cpp index e4848362a7..797fae81c4 100644 --- a/indra/llui/llurlentry.cpp +++ b/indra/llui/llurlentry.cpp @@ -205,9 +205,15 @@ std::string LLUrlEntryBase::urlToGreyQuery(const std::string &url) const std::string label; up.extractParts(); - up.glueFirst(label); - std::string query = url.substr(label.size()); - return query; + up.glueFirst(label, false); + + size_t pos = url.find(label); + if (pos == std::string::npos) + { + return ""; + } + pos += label.size(); + return url.substr(pos); } -- cgit v1.3 From 377683a8ed85a0f6dcf78ba0d3c78f2fd9fff5d7 Mon Sep 17 00:00:00 2001 From: Mnikolenko Productengine Date: Tue, 23 Aug 2016 13:01:19 +0300 Subject: MAINT-6648 FIXED [SECURITY] Link tags do not filter unicode and allow for easy URL spoofing. --- indra/llui/llurlentry.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'indra/llui/llurlentry.cpp') diff --git a/indra/llui/llurlentry.cpp b/indra/llui/llurlentry.cpp index 797fae81c4..27a2456deb 100644 --- a/indra/llui/llurlentry.cpp +++ b/indra/llui/llurlentry.cpp @@ -183,8 +183,9 @@ bool LLUrlEntryBase::isLinkDisabled() const bool LLUrlEntryBase::isWikiLinkCorrect(std::string url) { - std::string label = getLabelFromWikiLink(url); - return (LLUrlRegistry::instance().hasUrl(label)) ? false : true; + LLWString label = utf8str_to_wstring(getLabelFromWikiLink(url)); + label.erase(std::remove(label.begin(), label.end(), L'\u200B'), label.end()); + return (LLUrlRegistry::instance().hasUrl(wstring_to_utf8str(label))) ? false : true; } std::string LLUrlEntryBase::urlToLabelWithGreyQuery(const std::string &url) const -- cgit v1.3 From 3b328a3880972141311d38500e94f7b1bc64786c Mon Sep 17 00:00:00 2001 From: Mnikolenko Productengine Date: Tue, 15 Nov 2016 13:00:47 +0200 Subject: MAINT-6929 [Contribution] E-mail links are not parsed correctly when top level domain is over 6 characters. --- doc/contributions.txt | 1 + indra/llui/llurlentry.cpp | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'indra/llui/llurlentry.cpp') diff --git a/doc/contributions.txt b/doc/contributions.txt index 2ea1db7e66..b93117e37e 100755 --- a/doc/contributions.txt +++ b/doc/contributions.txt @@ -209,6 +209,7 @@ Ansariel Hiller MAINT-6917 STORM-2140 MAINT-6912 + MAINT-6929 Aralara Rajal Arare Chantilly CHUIBUG-191 diff --git a/indra/llui/llurlentry.cpp b/indra/llui/llurlentry.cpp index 27a2456deb..b5a31f5118 100644 --- a/indra/llui/llurlentry.cpp +++ b/indra/llui/llurlentry.cpp @@ -1377,7 +1377,7 @@ std::string LLUrlEntryIcon::getIcon(const std::string &url) LLUrlEntryEmail::LLUrlEntryEmail() : LLUrlEntryBase() { - mPattern = boost::regex("(mailto:)?[\\w\\.\\-]+@[\\w\\.\\-]+\\.[a-z]{2,6}", + mPattern = boost::regex("(mailto:)?[\\w\\.\\-]+@[\\w\\.\\-]+\\.[a-z]{2,63}", boost::regex::perl | boost::regex::icase); mMenuName = "menu_url_email.xml"; mTooltip = LLTrans::getString("TooltipEmail"); -- cgit v1.3