From be88530fa4c99e309a6bc01f6e72b6fa25e10f6f Mon Sep 17 00:00:00 2001 From: Valentin Lorentz Date: Wed, 25 Aug 2021 21:53:05 +0200 Subject: [PATCH] commands: Disallow IRIs from 'url' and 'httpUrl' converters. urllib doesn't support IRIs, and gives out a cryptic 'UnicodeEncodeError: 'ascii' codec can't encode character ...' if we don't validate it. --- plugins/Web/test.py | 4 ++++ src/commands.py | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/plugins/Web/test.py b/plugins/Web/test.py index c9bdee823..e3d88459e 100644 --- a/plugins/Web/test.py +++ b/plugins/Web/test.py @@ -176,5 +176,9 @@ class WebTestCase(ChannelPluginTestCase): finally: conf.supybot.plugins.Web.nonSnarfingRegexp.set('') + def testFetchIri(self): + self.assertRegexp('fetch http://café.example.org/', + 'Error: .*is not a valid') + # vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79: diff --git a/src/commands.py b/src/commands.py index e9107c2cb..93bee0f72 100644 --- a/src/commands.py +++ b/src/commands.py @@ -667,8 +667,15 @@ def getGlob(irc, msg, args, state): glob = '*%s*' % glob state.args.append(glob) +def _checkUrl(url): + try: + args[0].encode('ascii') + except UnicodeEncodeError: + state.errorInvalid(_('url'), args[0]) + def getUrl(irc, msg, args, state): if utils.web.urlRe.match(args[0]): + _checkUrl(args[0]) state.args.append(args.pop(0)) else: state.errorInvalid(_('url'), args[0]) @@ -681,8 +688,10 @@ def getEmail(irc, msg, args, state): def getHttpUrl(irc, msg, args, state): if utils.web.httpUrlRe.match(args[0]): + _checkUrl(args[0]) state.args.append(args.pop(0)) elif utils.web.httpUrlRe.match('http://' + args[0]): + _checkUrl('http://' + args[0]) state.args.append('http://' + args.pop(0)) else: state.errorInvalid(_('http url'), args[0])