github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-04 10:17:19 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Onebox canonical links bypassing FinalDestination checks (#13605)

Browse Source
This commit is contained in:
Arpit Jalan
2021-07-01 20:09:29 +05:30
committed by GitHub
parent 1c38b4abf1
commit 05bdbd9f97
6 changed files with 45 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/onebox/helpers.rb
View File

@ -36,9 +36,12 @@ module Onebox
# prefer canonical link
canonical_link = doc.at('//link[@rel="canonical"]/@href')
canonical_uri = Addressable::URI.parse(canonical_link)
if canonical_link && "#{canonical_uri.host}#{canonical_uri.path}" != "#{uri.host}#{uri.path}" && canonical_uri.host != "localhost"
response = (fetch_response(canonical_uri.to_s, headers: headers, body_cacher: body_cacher) rescue nil)
doc = Nokogiri::HTML(response) if response
if canonical_link && canonical_uri && "#{canonical_uri.host}#{canonical_uri.path}" != "#{uri.host}#{uri.path}"
uri = FinalDestination.new(canonical_link, Oneboxer.get_final_destination_options(canonical_link)).resolve
if uri.present?
response = (fetch_response(uri.to_s, headers: headers, body_cacher: body_cacher) rescue nil)
doc = Nokogiri::HTML(response) if response
end
end
end