diff options
| author | かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> | 2024-05-27 17:18:12 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-27 17:18:12 +0900 |
| commit | 805a11aadbbc0f0a32531fd86443de514df74466 (patch) | |
| tree | 925d25a3a4e22b0f73edf58cf28df2a7d46fce79 /packages/backend/src/server/api/endpoints | |
| parent | enhance(frontend): 「見たことのあるリノートを省略して表示... (diff) | |
| download | misskey-805a11aadbbc0f0a32531fd86443de514df74466.tar.gz misskey-805a11aadbbc0f0a32531fd86443de514df74466.tar.bz2 misskey-805a11aadbbc0f0a32531fd86443de514df74466.zip | |
enhance(backend): プロフィールのリンク検証にtry-catchを追加 (#13882)
* enhance(backend): プロフィールのリンク検証にtry-catchを追加
* :v:
Diffstat (limited to 'packages/backend/src/server/api/endpoints')
| -rw-r--r-- | packages/backend/src/server/api/endpoints/i/update.ts | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/packages/backend/src/server/api/endpoints/i/update.ts b/packages/backend/src/server/api/endpoints/i/update.ts index 84a1931a3d..a8e702f328 100644 --- a/packages/backend/src/server/api/endpoints/i/update.ts +++ b/packages/backend/src/server/api/endpoints/i/update.ts @@ -498,26 +498,32 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint- private async verifyLink(url: string, user: MiLocalUser) { if (!safeForSql(url)) return; - const html = await this.httpRequestService.getHtml(url); + try { + const html = await this.httpRequestService.getHtml(url); - const { window } = new JSDOM(html); - const doc = window.document; + const { window } = new JSDOM(html); + const doc = window.document; - const myLink = `${this.config.url}/@${user.username}`; + const myLink = `${this.config.url}/@${user.username}`; - const aEls = Array.from(doc.getElementsByTagName('a')); - const linkEls = Array.from(doc.getElementsByTagName('link')); + const aEls = Array.from(doc.getElementsByTagName('a')); + const linkEls = Array.from(doc.getElementsByTagName('link')); - const includesMyLink = aEls.some(a => a.href === myLink); - const includesRelMeLinks = [...aEls, ...linkEls].some(link => link.rel === 'me' && link.href === myLink); + const includesMyLink = aEls.some(a => a.href === myLink); + const includesRelMeLinks = [...aEls, ...linkEls].some(link => link.rel === 'me' && link.href === myLink); - if (includesMyLink || includesRelMeLinks) { - await this.userProfilesRepository.createQueryBuilder('profile').update() - .where('userId = :userId', { userId: user.id }) - .set({ - verifiedLinks: () => `array_append("verifiedLinks", '${url}')`, // ここでSQLインジェクションされそうなのでとりあえず safeForSql で弾いている - }) - .execute(); + if (includesMyLink || includesRelMeLinks) { + await this.userProfilesRepository.createQueryBuilder('profile').update() + .where('userId = :userId', { userId: user.id }) + .set({ + verifiedLinks: () => `array_append("verifiedLinks", '${url}')`, // ここでSQLインジェクションされそうなのでとりあえず safeForSql で弾いている + }) + .execute(); + } + + window.close(); + } catch (err) { + // なにもしない } } } |