commands: Disallow IRIs from 'url' and 'httpUrl' converters.

urllib doesn't support IRIs, and gives out a cryptic
'UnicodeEncodeError: 'ascii' codec can't encode character ...'
if we don't validate it.
This commit is contained in:
Valentin Lorentz 2021-08-25 21:53:05 +02:00
parent 62db3a92fc
commit be88530fa4
2 changed files with 13 additions and 0 deletions

View File

@ -176,5 +176,9 @@ class WebTestCase(ChannelPluginTestCase):
finally:
conf.supybot.plugins.Web.nonSnarfingRegexp.set('')
def testFetchIri(self):
self.assertRegexp('fetch http://café.example.org/',
'Error: .*is not a valid')
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79:

View File

@ -667,8 +667,15 @@ def getGlob(irc, msg, args, state):
glob = '*%s*' % glob
state.args.append(glob)
def _checkUrl(url):
try:
args[0].encode('ascii')
except UnicodeEncodeError:
state.errorInvalid(_('url'), args[0])
def getUrl(irc, msg, args, state):
if utils.web.urlRe.match(args[0]):
_checkUrl(args[0])
state.args.append(args.pop(0))
else:
state.errorInvalid(_('url'), args[0])
@ -681,8 +688,10 @@ def getEmail(irc, msg, args, state):
def getHttpUrl(irc, msg, args, state):
if utils.web.httpUrlRe.match(args[0]):
_checkUrl(args[0])
state.args.append(args.pop(0))
elif utils.web.httpUrlRe.match('http://' + args[0]):
_checkUrl('http://' + args[0])
state.args.append('http://' + args.pop(0))
else:
state.errorInvalid(_('http url'), args[0])