tdlight-team/tdlight
tdlight-team/tdlight
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Improve Web App and game name checks.

Browse Source
This commit is contained in:
levlam 2023-02-24 14:09:47 +03:00
parent 129de63bea
commit c8ebe2aabe
2 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
td/telegram/LinkManager.cpp
View File

@ -58,11 +58,12 @@ static bool is_valid_phone_number(Slice phone_number) {
return true; return true;
} }
static bool is_valid_game_name(Slice name) {
return name.size() >= 3 && is_valid_username(name);
}
static bool is_valid_web_app_name(Slice name) { static bool is_valid_web_app_name(Slice name) {
if (name.empty() || !is_alpha(name[0])) { return name.size() >= 3 && is_valid_username(name);
return false;
}
return true;
} }
static string get_url_query_hash(bool is_tg, const HttpUrlQuery &url_query) { static string get_url_query_hash(bool is_tg, const HttpUrlQuery &url_query) {
@ -1106,7 +1107,7 @@ unique_ptr<LinkManager::InternalLink> LinkManager::parse_tg_link_query(Slice que
return td::make_unique<InternalLinkBotAddToChannel>(std::move(username), std::move(administrator_rights)); return td::make_unique<InternalLinkBotAddToChannel>(std::move(username), std::move(administrator_rights));
} }
} }
if (arg.first == "game" && !arg.second.empty()) { if (arg.first == "game" && is_valid_game_name(arg.second)) {
// resolve?domain=<bot_username>&game=<short_name> // resolve?domain=<bot_username>&game=<short_name>
return td::make_unique<InternalLinkGame>(std::move(username), arg.second); return td::make_unique<InternalLinkGame>(std::move(username), arg.second);
} }
@ -1484,7 +1485,7 @@ unique_ptr<LinkManager::InternalLink> LinkManager::parse_t_me_link_query(Slice q
return td::make_unique<InternalLinkBotAddToChannel>(std::move(username), std::move(administrator_rights)); return td::make_unique<InternalLinkBotAddToChannel>(std::move(username), std::move(administrator_rights));
} }
} }
if (arg.first == "game" && !arg.second.empty()) { if (arg.first == "game" && is_valid_game_name(arg.second)) {
// /<bot_username>?game=<short_name> // /<bot_username>?game=<short_name>
return td::make_unique<InternalLinkGame>(std::move(username), arg.second); return td::make_unique<InternalLinkGame>(std::move(username), arg.second);
} }

8
test/link.cpp
View File

@ -898,7 +898,9 @@ TEST(Link, parse_internal_link) {
parse_internal_link("tg:http://resolve?domain=username&game=asd", nullptr); parse_internal_link("tg:http://resolve?domain=username&game=asd", nullptr);
parse_internal_link("tg:https://resolve?domain=username&game=asd", nullptr); parse_internal_link("tg:https://resolve?domain=username&game=asd", nullptr);
parse_internal_link("tg:resolve?domain=&game=asd", unknown_deep_link("tg://resolve?domain=&game=asd")); parse_internal_link("tg:resolve?domain=&game=asd", unknown_deep_link("tg://resolve?domain=&game=asd"));
parse_internal_link("tg:resolve?domain=telegram&&&&&&&game=%30", game("telegram", "0")); parse_internal_link("tg:resolve?domain=telegram&&&&&&&game=%30", public_chat("telegram"));
parse_internal_link("tg:resolve?domain=telegram&&&&&&&game=%30ab", public_chat("telegram"));
parse_internal_link("tg:resolve?domain=telegram&&&&&&&game=ab%30", game("telegram", "ab0"));
parse_internal_link("t.me/username/0/a//s/as?game=asd", game("username", "asd")); parse_internal_link("t.me/username/0/a//s/as?game=asd", game("username", "asd"));
parse_internal_link("t.me/username/aasdas/2?test=1&game=asd#12312", game("username", "asd")); parse_internal_link("t.me/username/aasdas/2?test=1&game=asd#12312", game("username", "asd"));
@ -918,7 +920,9 @@ TEST(Link, parse_internal_link) {
parse_internal_link("tg:http://resolve?domain=username&appname=asd", nullptr); parse_internal_link("tg:http://resolve?domain=username&appname=asd", nullptr);
parse_internal_link("tg:https://resolve?domain=username&appname=asd", nullptr); parse_internal_link("tg:https://resolve?domain=username&appname=asd", nullptr);
parse_internal_link("tg:resolve?domain=&appname=asd", unknown_deep_link("tg://resolve?domain=&appname=asd")); parse_internal_link("tg:resolve?domain=&appname=asd", unknown_deep_link("tg://resolve?domain=&appname=asd"));
parse_internal_link("tg:resolve?domain=telegram&&&&&&&appname=%41&startapp=", web_app("telegram", "A", "")); parse_internal_link("tg:resolve?domain=telegram&&&&&&&appname=%41&startapp=", public_chat("telegram"));
parse_internal_link("tg:resolve?domain=telegram&&&&&&&appname=%41b&startapp=", public_chat("telegram"));
parse_internal_link("tg:resolve?domain=telegram&&&&&&&appname=%41bc&startapp=", web_app("telegram", "Abc", ""));
parse_internal_link("t.me/username/0/a//s/as?appname=asd", public_chat("username")); parse_internal_link("t.me/username/0/a//s/as?appname=asd", public_chat("username"));
parse_internal_link("t.me/username/aasdas/2?test=1&appname=asd#12312", public_chat("username")); parse_internal_link("t.me/username/aasdas/2?test=1&appname=asd#12312", public_chat("username"));