sanitise user and password in url

Signed-off-by: Toni Förster <toni.foerster@gmail.com>
2024-09-19 17:01:32 +00:00 · 2024-08-28 16:21:49 +02:00 · 2024-08-28 16:21:49 +02:00 · cea2684a29
commit cea2684a29
parent 772e5016c4
1 changed files with 18 additions and 1 deletions
--- a/Model/Accounts/AccountsBridge.swift
+++ b/Model/Accounts/AccountsBridge.swift
@ -10,11 +10,28 @@ struct AccountsBridge: Defaults.Bridge {
            return nil
        }

+        // Parse the urlString to check for embedded username and password
+        var sanitizedUrlString = value.urlString
+        if var urlComponents = URLComponents(string: value.urlString) {
+            if let user = urlComponents.user, let password = urlComponents.password {
+                // Sanitize the embedded username and password
+                let sanitizedUser = user.addingPercentEncoding(withAllowedCharacters: .urlUserAllowed) ?? user
+                let sanitizedPassword = password.addingPercentEncoding(withAllowedCharacters: .urlPasswordAllowed) ?? password
+
+                // Update the URL components with sanitized credentials
+                urlComponents.user = sanitizedUser
+                urlComponents.password = sanitizedPassword
+
+                // Reconstruct the sanitized URL
+                sanitizedUrlString = urlComponents.string ?? value.urlString
+            }
+        }
+
        return [
            "id": value.id,
            "instanceID": value.instanceID ?? "",
            "name": value.name,
-            "apiURL": value.urlString,
+            "apiURL": sanitizedUrlString,
            "username": value.username,
            "password": value.password ?? ""
        ]