tdlight-team/tdlight
tdlight-team/tdlight
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Disallow numeric invite link hashes.

Browse Source
This commit is contained in:
levlam 2023-03-01 21:35:16 +03:00
parent 86b4213a8c
commit 9652b075b6
2 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
td/telegram/LinkManager.cpp
View File

@ -79,9 +79,6 @@ static string get_url_query_hash(bool is_tg, const HttpUrlQuery &url_query) {
return path[1];
}
if (!path.empty() && path[0].size() >= 2 && (path[0][0] == ' ' || path[0][0] == '+')) {
if (is_valid_phone_number(Slice(path[0]).substr(1))) {
return string();
}
// /+<link>
return path[0].substr(1);
}
@ -1207,8 +1204,10 @@ unique_ptr<LinkManager::InternalLink> LinkManager::parse_tg_link_query(Slice que
} else if (path.size() == 1 && path[0] == "join") {
// join?invite=<hash>
if (has_arg("invite")) {
return td::make_unique<InternalLinkDialogInvite>(PSTRING() << "tg:join?invite="
<< url_encode(get_url_query_hash(true, url_query)));
auto invite_hash = get_url_query_hash(true, url_query);
if (!invite_hash.empty() && !is_valid_phone_number(invite_hash)) {
return td::make_unique<InternalLinkDialogInvite>(PSTRING() << "tg:join?invite=" << url_encode(invite_hash));
}
}
} else if (path.size() == 1 && (path[0] == "addstickers" || path[0] == "addemoji")) {
// addstickers?set=<name>
@ -1335,14 +1334,17 @@ unique_ptr<LinkManager::InternalLink> LinkManager::parse_t_me_link_query(Slice q
}
} else if (path[0] == "joinchat") {
if (path.size() >= 2 && !path[1].empty()) {
// /joinchat/<link>
return td::make_unique<InternalLinkDialogInvite>(PSTRING() << "tg:join?invite="
<< url_encode(get_url_query_hash(false, url_query)));
auto invite_hash = get_url_query_hash(false, url_query);
if (!invite_hash.empty() && !is_valid_phone_number(invite_hash)) {
// /joinchat/<link>
return td::make_unique<InternalLinkDialogInvite>(PSTRING() << "tg:join?invite=" << url_encode(invite_hash));
}
}
} else if (path[0][0] == ' ' || path[0][0] == '+') {
if (path[0].size() >= 2) {
if (is_valid_phone_number(Slice(path[0]).substr(1))) {
auto user_link = td::make_unique<InternalLinkUserPhoneNumber>(path[0].substr(1));
auto invite_hash = get_url_query_hash(false, url_query);
if (is_valid_phone_number(invite_hash)) {
auto user_link = td::make_unique<InternalLinkUserPhoneNumber>(invite_hash);
if (!url_query.get_arg("attach").empty()) {
// /+<phone_number>?attach=<bot_username>
// /+<phone_number>?attach=<bot_username>&startattach=<start_parameter>
@ -1351,10 +1353,9 @@ unique_ptr<LinkManager::InternalLink> LinkManager::parse_t_me_link_query(Slice q
}
// /+<phone_number>
return std::move(user_link);
} else {
} else if (!invite_hash.empty()) {
// /+<link>
return td::make_unique<InternalLinkDialogInvite>(PSTRING() << "tg:join?invite="
<< url_encode(get_url_query_hash(false, url_query)));
return td::make_unique<InternalLinkDialogInvite>(PSTRING() << "tg:join?invite=" << url_encode(invite_hash));
}
}
} else if (path[0] == "contact") {
@ -1713,7 +1714,11 @@ string LinkManager::get_dialog_invite_link_hash(Slice invite_link) {
return string();
}
const auto url_query = parse_url_query(link_info.query_);
return get_url_query_hash(link_info.type_ == LinkType::Tg, url_query);
auto invite_hash = get_url_query_hash(link_info.type_ == LinkType::Tg, url_query);
if (is_valid_phone_number(invite_hash)) {
return string();
}
return invite_hash;
}
string LinkManager::get_dialog_invite_link(Slice hash, bool is_internal) {

16
test/link.cpp
View File

@ -257,9 +257,10 @@ TEST(Link, parse_internal_link) {
parse_internal_link("www%2etelegram.me/levlam/1", message("tg:resolve?domain=levlam&post=1"));
parse_internal_link("www%2Etelegram.dog/levlam/1", message("tg:resolve?domain=levlam&post=1"));
parse_internal_link("www%252Etelegram.dog/levlam/1", nullptr);
parse_internal_link("www.t.me/s/s/s/s/s/joinchat/1", chat_invite("1"));
parse_internal_link("www.t.me/s/%73/%73/s/%73/joinchat/1", chat_invite("1"));
parse_internal_link("http://t.me/s/s/s/s/s/s/s/s/s/s/s/s/s/s/s/s/s/joinchat/1", chat_invite("1"));
parse_internal_link("www.t.me/s/s/s/s/s/joinchat/1", nullptr);
parse_internal_link("www.t.me/s/s/s/s/s/joinchat/a", chat_invite("a"));
parse_internal_link("www.t.me/s/%73/%73/s/%73/joinchat/a", chat_invite("a"));
parse_internal_link("http://t.me/s/s/s/s/s/s/s/s/s/s/s/s/s/s/s/s/s/joinchat/a", chat_invite("a"));
parse_internal_link("http://t.me/levlam/1", message("tg:resolve?domain=levlam&post=1"));
parse_internal_link("https://t.me/levlam/1", message("tg:resolve?domain=levlam&post=1"));
parse_internal_link("hTtp://www.t.me:443/levlam/1", message("tg:resolve?domain=levlam&post=1"));
@ -570,9 +571,12 @@ TEST(Link, parse_internal_link) {
parse_internal_link("t.me/joinchat/aba%20aba", chat_invite("aba%20aba"));
parse_internal_link("t.me/joinchat/aba%30aba", chat_invite("aba0aba"));
parse_internal_link("t.me/joinchat/123456a", chat_invite("123456a"));
parse_internal_link("t.me/joinchat/12345678901", chat_invite("12345678901"));
parse_internal_link("t.me/joinchat/123456", chat_invite("123456"));
parse_internal_link("t.me/joinchat/123456/123123/12/31/a/s//21w/?asdas#test", chat_invite("123456"));
parse_internal_link("t.me/joinchat/12345678901", nullptr);
parse_internal_link("t.me/joinchat/123456", nullptr);
parse_internal_link("t.me/joinchat/123456/123123/12/31/a/s//21w/?asdas#test", nullptr);
parse_internal_link("t.me/joinchat/12345678901a", chat_invite("12345678901a"));
parse_internal_link("t.me/joinchat/123456a", chat_invite("123456a"));
parse_internal_link("t.me/joinchat/123456a/123123/12/31/a/s//21w/?asdas#test", chat_invite("123456a"));
parse_internal_link("t.me/+?invite=abcdef", nullptr);
parse_internal_link("t.me/+a", chat_invite("a"));