[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=1287
[commit: http://hg.dwscoalition.org/dw-free/rev/94480661f601]
http://bugs.dwscoalition.org/show_bug.cgi?id=1287
Sanitize input of custom domains, and fix support for URLs with trailing
dots in the domain.
Patch by
exor674.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=1287
Sanitize input of custom domains, and fix support for URLs with trailing
dots in the domain.
Patch by
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
Files modified:
- cgi-bin/Apache/LiveJournal.pm
- cgi-bin/LJ/Setting/DomainMapping.pm
- htdocs/manage/domain.bml
--------------------------------------------------------------------------------
diff -r 374d3d6141ad -r 94480661f601 cgi-bin/Apache/LiveJournal.pm
--- a/cgi-bin/Apache/LiveJournal.pm Fri Jun 12 17:48:19 2009 +0000
+++ b/cgi-bin/Apache/LiveJournal.pm Fri Jun 12 17:58:07 2009 +0000
@@ -245,7 +245,10 @@ sub trans
 my $args = $r->args;
 my $args_wq = $args ? "?$args" : "";
 my $host = $r->headers_in->{"Host"};
- my $hostport = ($host =~ s/:\d+$//) ? $& : "";
+ my $hostport = ( $host =~ s/:\d+$// ) ? $& : "";
+
+ # Allow hosts ending in . to work properly.
+ $host =~ s/\.$//;
 # disable TRACE (so scripts on non-LJ domains can't invoke
 # a trace to get the LJ cookies in the echo)
diff -r 374d3d6141ad -r 94480661f601 cgi-bin/LJ/Setting/DomainMapping.pm
--- a/cgi-bin/LJ/Setting/DomainMapping.pm Fri Jun 12 17:48:19 2009 +0000
+++ b/cgi-bin/LJ/Setting/DomainMapping.pm Fri Jun 12 17:58:07 2009 +0000
@@ -12,9 +12,12 @@ sub save {
 # sanitize POST value
- my $domainname = $args->{journaldomain};
+ my $domainname = lc( $args->{journaldomain} );
+ $domainname =~ s!^(http://)?(www\.)?!!;
- $domainname = lc($domainname);
+
+ # Strip off trailing '.', and any path or port the user might have entered.
+ $domainname =~ s!\.([:/].+)?$!!;
 my $dbh = LJ::get_db_writer();
diff -r 374d3d6141ad -r 94480661f601 htdocs/manage/domain.bml
--- a/htdocs/manage/domain.bml Fri Jun 12 17:48:19 2009 +0000
+++ b/htdocs/manage/domain.bml Fri Jun 12 17:58:07 2009 +0000
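Review bot: In the `trans` hunk of cgi-bin/Apache/LiveJournal.pm, the added `$host =~ s/\.$//;` silently rewrites a client-supplied Host header, so the rest of `trans` sees the dot-less name while the browser still treats the dotted host as a separate origin with its own cookie scope. If later code builds redirects or compares `$host` against configured domains (not visible here, `trans` continues outside the hunk), redirecting to the canonical dot-less host may be safer than serving the page under both names. The comment should say that untrusted input is being normalised, e.g. `# Host is client-supplied: drop one trailing '.' (FQDN form) before any domain matching.`. The pattern also states its intent more exactly as `s/\.\z//`, since `$` also matches before a trailing newline.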
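Review bot: In the `save` hunk of cgi-bin/LJ/Setting/DomainMapping.pm, `s!\.([:/].+)?$!!` only matches when a literal `.` precedes the port or path, so input such as `example.com/journal` or `example.com:8080` passes through unchanged, contrary to the comment above it; the same pattern is repeated in the htdocs/manage/domain.bml hunk. Making the dot optional, `$domainname =~ s!\.?(?:[:/].*)?\z!!s;`, matches the stated intent. Stripping alone is not validation for a value that is stored and presumably matched against request hosts later. After normalising, accept it only if it matches a hostname allowlist such as `/\A[a-z0-9-]+(?:\.[a-z0-9-]+)+\z/` and report an error otherwise, which also catches an `https://` prefix that the first substitution does not remove. `save` begins and ends outside the hunk.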
@@ -50,13 +50,17 @@ body<=
 # journal domains
 my $dom_cap = LJ::get_cap($u, 'domainmap');
- if ((exists $POST{'journaldomain'} && $u->{'journaldomain'} ne $POST{'journaldomain'}) ||
- (!$dom_cap && $POST{'journaldomain_del'})) {
+ if ( ( exists $POST{journaldomain} && $u->{journaldomain} ne $POST{journaldomain} ) ||
+ ( !$dom_cap && $POST{journaldomain_del} ) ) {
- $POST{'journaldomain'} =~ s!^(http://)?(www\.)?!!;
- my $dom = lc($POST{'journaldomain'});
- if (($dom_cap && !$dom) || (!$dom_cap && $POST{'journaldomain_del'})) {
- $dbh->do("DELETE FROM domains WHERE userid=?", undef, $u->{'userid'});
+ my $dom = lc( $POST{journaldomain} );
+ $dom =~ s!^(http://)?(www\.)?!!;
+
+ # Strip off trailing '.', and any path or port the user might have entered.
+ $dom =~ s!\.([:/].+)?$!!;
+
+ if ( ( $dom_cap && !$dom ) || ( !$dom_cap && $POST{journaldomain_del} ) ) {
+ $dbh->do( "DELETE FROM domains WHERE userid=?", undef, $u->{userid} );
 } else {
 $dbh->do("INSERT INTO domains VALUES (?, ?)", undef, $dom, $u->{'userid'});
 if ($dbh->err) {
--------------------------------------------------------------------------------
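Review bot: In the htdocs/manage/domain.bml hunk, the outer `if` still compares `$u->{journaldomain}` with the raw `$POST{journaldomain}`, and the value is normalised only afterwards. A submission that differs from the stored domain only by case or a trailing dot is therefore treated as a change and reaches the `INSERT`; what happens on an existing row depends on the table definition, which is not shown. Computing `$dom` before the condition and testing `$u->{journaldomain} ne $dom` would keep the comparison and the stored value consistent. The normalisation is now duplicated between this page and cgi-bin/LJ/Setting/DomainMapping.pm, so a shared helper would stop the two copies drifting apart. The enclosing block continues past the end of the hunk.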