Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(AccountProperty): better validation of twitter and fediverse handles #50678

Merged
merged 5 commits into from
Feb 6, 2025
Merged

fix(AccountProperty): better validation of twitter and fediverse handles #50678

merged 5 commits into from
Feb 6, 2025

Conversation

susnux
Copy link
Contributor

@susnux susnux commented Feb 5, 2025
edited
Loading

Summary

Make sure that twitter and fediverse handles are in a valid format.

Checklist

@susnux susnux added bug 3. to review Waiting for reviews feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.) labels Feb 5, 2025
@susnux susnux added this to the Nextcloud 32 milestone Feb 5, 2025
@susnux
Copy link
Contributor Author

susnux commented Feb 5, 2025

/backport to stable31

@susnux
Copy link
Contributor Author

susnux commented Feb 5, 2025

/backport to stable30

@susnux
Copy link
Contributor Author

susnux commented Feb 5, 2025

/backport to stable29

@susnux susnux force-pushed the fix/harden-account-properties branch from 2227cff to d8e3ba8 Compare February 5, 2025 23:18
Pytal
Pytal approved these changes Feb 5, 2025
View reviewed changes
Copy link
Member

@Pytal Pytal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall

apps/settings/src/components/PersonalInfo/FediverseSection.vue
}

try {
return URL.parse(`https://${result[2]}/`) !== null
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, only knew of the new URL way before 💯

apps/provisioning_api/lib/Controller/UsersController.php Outdated Show resolved Hide resolved
@susnux susnux force-pushed the fix/harden-account-properties branch from d8e3ba8 to 6675740 Compare February 6, 2025 00:35
@susnux susnux force-pushed the fix/harden-account-properties branch from 96573e1 to d7c0626 Compare February 6, 2025 09:10
susnux added 5 commits February 6, 2025 11:58
@susnux
fix(AccountManager): Sanitize social media handles
fbef47a 
Ensure to only accept valid X and fediverse handles.

Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux
fix(FediverseAction): Ensure valid fediverse links are generated
729cdf6 
Harden also for existing values of the profile.

Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux
fix(provisioning_api): Correct limit for editUser
2a0f81d 
Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux
fix(settings): Also sanitize fediverse and twitter handle in the fron…
460ceaa 
…tend

Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux
chore: Compile assets
241545b 
Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux susnux force-pushed the fix/harden-account-properties branch from d7c0626 to 241545b Compare February 6, 2025 10:58
@susnux susnux merged commit e71e58e into master Feb 6, 2025
189 checks passed
@susnux susnux deleted the fix/harden-account-properties branch February 6, 2025 13:40
This was referenced Feb 6, 2025
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen left review comments

@Pytal Pytal Pytal approved these changes

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@provokateurin provokateurin Awaiting requested review from provokateurin

@come-nc come-nc Awaiting requested review from come-nc

Assignees
No one assigned
Labels
3. to review Waiting for reviews bug feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.)
Projects
None yet
Milestone
Nextcloud 32
Development

Successfully merging this pull request may close these issues.
5 participants
@susnux @nickvergessen @AndyScherzinger @skjnldsv @Pytal