Fix an XSS vulnerability in v1.2.1-rc (#1561)

* fix #1560 * Update var/Typecho/Validate.php Co-authored-by: 沈唁 <52o@qq52o.cn> --------- Co-authored-by: joyqi <joyqi@users.noreply.github.com> Co-authored-by: 沈唁 <52o@qq52o.cn>
typecho · May 15, 2023 · 83d4d02 · 83d4d02
1 parent 01100c9
commit 83d4d02
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/var/Typecho/Validate.php b/var/Typecho/Validate.php
@@ -96,7 +96,7 @@ public static function maxLength(string $str, int $length): bool
      */
     public static function email(string $str): bool
     {
-        return filter_var($str, FILTER_VALIDATE_EMAIL) !== false;
+        return (bool) preg_match("/^[_a-z0-9-\.]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $str);
     }
 
     /**
@@ -110,10 +110,14 @@ public static function email(string $str): bool
      */
     public static function url(string $str): bool
     {
-        return filter_var(
-            $str,
-            FILTER_VALIDATE_URL
-        ) !== false;
+        $parts = parse_url($str);
+        if (!$parts) {
+            return false;
+        }
+
+        return isset($parts['scheme']) &&
+        in_array($parts['scheme'], ['http', 'https']) &&
+        !preg_match('/(\(|\)|\\\|"|<|>|[\x00-\x08]|[\x0b-\x0c]|[\x0e-\x19])/', $str);
     }
 
     /**