From 307c25ed385d44064dd20a3b4c52397ef5e12ae6 Mon Sep 17 00:00:00 2001 From: trigaux Date: Mon, 16 Sep 2024 14:06:50 -0400 Subject: [PATCH 1/3] Sanitize relay url to not allow protocol. --- Decimus/Views/Settings/RelaySettingsView.swift | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Decimus/Views/Settings/RelaySettingsView.swift b/Decimus/Views/Settings/RelaySettingsView.swift index aeaedded..16a24d8f 100644 --- a/Decimus/Views/Settings/RelaySettingsView.swift +++ b/Decimus/Views/Settings/RelaySettingsView.swift @@ -15,6 +15,11 @@ struct RelaySettingsView: View { LabeledContent("Address") { TextField("relay_address", text: $relayConfig.value.address, prompt: Text("localhost")) .keyboardType(.URL) + .onSubmit { + if let url = URL(string: relayConfig.value.address) { + relayConfig.value.address = url.host() ?? relayConfig.value.address; + } + } } LabeledContent("Protocol") { From 4486ac9926c6c5a9b4dd40f9424efc0a5a0f21b3 Mon Sep 17 00:00:00 2001 From: trigaux Date: Mon, 16 Sep 2024 15:00:57 -0400 Subject: [PATCH 2/3] Sanitize manifest url. --- Decimus/ManifestController.swift | 5 ++++- Decimus/Views/Settings/ManifestSettingsView.swift | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Decimus/ManifestController.swift b/Decimus/ManifestController.swift index 9877bbc2..8b2420a0 100644 --- a/Decimus/ManifestController.swift +++ b/Decimus/ManifestController.swift @@ -116,7 +116,10 @@ class ManifestController { } private func makeRequest(method: String, components: URLComponents) throws -> URLRequest { - guard let url = URL(string: components.string!) else { + guard let str = components.string else { + throw "Invalid URL: no components" + } + guard let url = URL(string: str) else { throw "Invalid URL: \(components)" } diff --git a/Decimus/Views/Settings/ManifestSettingsView.swift b/Decimus/Views/Settings/ManifestSettingsView.swift index 20570867..a71e400e 100644 --- a/Decimus/Views/Settings/ManifestSettingsView.swift +++ b/Decimus/Views/Settings/ManifestSettingsView.swift @@ -33,6 +33,11 @@ struct ManifestSettingsView: View { LabeledContent("Address") { TextField("manifest_address", text: $manifestConfig.value.url, prompt: Text("127.0.0.1")) .keyboardType(.URL) + .onSubmit { + if let url = URL(string: manifestConfig.value.url) { + manifestConfig.value.url = url.host() ?? manifestConfig.value.url; + } + } } LabeledContent("Port") { From 8657ef836e0a2763e03a203c356ddfdf3bc45067 Mon Sep 17 00:00:00 2001 From: trigaux Date: Tue, 17 Sep 2024 14:12:35 -0400 Subject: [PATCH 3/3] Sanitize always. --- Decimus/Views/Settings/ManifestSettingsView.swift | 2 +- Decimus/Views/Settings/RelaySettingsView.swift | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Decimus/Views/Settings/ManifestSettingsView.swift b/Decimus/Views/Settings/ManifestSettingsView.swift index a71e400e..ce469da8 100644 --- a/Decimus/Views/Settings/ManifestSettingsView.swift +++ b/Decimus/Views/Settings/ManifestSettingsView.swift @@ -33,7 +33,7 @@ struct ManifestSettingsView: View { LabeledContent("Address") { TextField("manifest_address", text: $manifestConfig.value.url, prompt: Text("127.0.0.1")) .keyboardType(.URL) - .onSubmit { + .onChange(of: manifestConfig.value.url) { if let url = URL(string: manifestConfig.value.url) { manifestConfig.value.url = url.host() ?? manifestConfig.value.url; } diff --git a/Decimus/Views/Settings/RelaySettingsView.swift b/Decimus/Views/Settings/RelaySettingsView.swift index 16a24d8f..aba6f7bd 100644 --- a/Decimus/Views/Settings/RelaySettingsView.swift +++ b/Decimus/Views/Settings/RelaySettingsView.swift @@ -15,7 +15,7 @@ struct RelaySettingsView: View { LabeledContent("Address") { TextField("relay_address", text: $relayConfig.value.address, prompt: Text("localhost")) .keyboardType(.URL) - .onSubmit { + .onChange(of: relayConfig.value.address) { if let url = URL(string: relayConfig.value.address) { relayConfig.value.address = url.host() ?? relayConfig.value.address; }