Mirrored_Repos/yattee
1
0
Fork 0
mirror of https://github.com/yattee/yattee.git synced 2024-11-09 15:58:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

sanitise user and password in url

Browse Source 
Signed-off-by: Toni Förster <toni.foerster@gmail.com>
This commit is contained in:
Toni Förster 2024-08-28 16:21:49 +02:00
parent 772e5016c4
commit cea2684a29
No known key found for this signature in database
GPG Key ID: 292F3E5086C83FC7
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Model/Accounts/AccountsBridge.swift
View File

@ -10,11 +10,28 @@ struct AccountsBridge: Defaults.Bridge {
return nil return nil
} }
// Parse the urlString to check for embedded username and password
var sanitizedUrlString = value.urlString
if var urlComponents = URLComponents(string: value.urlString) {
if let user = urlComponents.user, let password = urlComponents.password {
// Sanitize the embedded username and password
let sanitizedUser = user.addingPercentEncoding(withAllowedCharacters: .urlUserAllowed) ?? user
let sanitizedPassword = password.addingPercentEncoding(withAllowedCharacters: .urlPasswordAllowed) ?? password
// Update the URL components with sanitized credentials
urlComponents.user = sanitizedUser
urlComponents.password = sanitizedPassword
// Reconstruct the sanitized URL
sanitizedUrlString = urlComponents.string ?? value.urlString
}
}
return [ return [
"id": value.id, "id": value.id,
"instanceID": value.instanceID ?? "", "instanceID": value.instanceID ?? "",
"name": value.name, "name": value.name,
"apiURL": value.urlString, "apiURL": sanitizedUrlString,
"username": value.username, "username": value.username,
"password": value.password ?? "" "password": value.password ?? ""
] ]