1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-02 07:46:38 +02:00

relay/api: return an error 400 when URL parameter "colors" has an invalid value

This commit is contained in:
Sébastien Helleu
2025-10-26 07:10:30 +01:00
parent 8eed89c43c
commit 58c873809b
6 changed files with 87 additions and 14 deletions
+1
View File
@@ -32,6 +32,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
- api: fix parsing of date/times with timezone offset in function util_parse_time
- irc: fix warning on creation of irc.msgbuffer option when the server name contains upper case letters ([#2281](https://github.com/weechat/weechat/issues/2281))
- relay/api: fix crash when an invalid HTTP request is received from a client
- relay/api: return an error 400 when URL parameter "colors" has an invalid value
## Version 4.7.1 (2025-08-16)
+19 -4
View File
@@ -559,9 +559,9 @@ RELAY_API_PROTOCOL_CALLBACK(buffers)
struct t_gui_line *ptr_line;
struct t_gui_line_data *ptr_line_data;
long lines, lines_free, line_id;
int nicks;
int colors, nicks;
const char *ptr_colors;
char *error;
enum t_relay_api_colors colors;
json = NULL;
@@ -580,8 +580,19 @@ RELAY_API_PROTOCOL_CALLBACK(buffers)
}
nicks = relay_http_get_param_boolean (client->http_req, "nicks", 0);
colors = relay_api_search_colors (
weechat_hashtable_get (client->http_req->params, "colors"));
colors = RELAY_API_COLORS_ANSI;
ptr_colors = weechat_hashtable_get (client->http_req->params, "colors");
if (ptr_colors)
{
colors = relay_api_search_colors (ptr_colors);
if (colors < 0)
{
relay_api_msg_send_error_json (client, RELAY_HTTP_400_BAD_REQUEST, NULL,
"Invalid parameter \"%s\"",
"colors");
return RELAY_API_PROTOCOL_RC_OK;
}
}
if (client->http_req->num_path_items > 3)
{
@@ -1057,8 +1068,12 @@ RELAY_API_PROTOCOL_CALLBACK(sync)
RELAY_API_DATA(client, sync_input) = (cJSON_IsTrue (json_input)) ? 1 : 0;
json_colors = cJSON_GetObjectItem (json_body, "colors");
if (json_colors && cJSON_IsString (json_colors))
{
RELAY_API_DATA(client, sync_colors) = relay_api_search_colors (
cJSON_GetStringValue (json_colors));
if (RELAY_API_DATA(client, sync_colors) < 0)
RELAY_API_DATA(client, sync_colors) = RELAY_API_COLORS_ANSI;
}
}
if (RELAY_API_DATA(client, sync_enabled))
+5 -4
View File
@@ -76,19 +76,20 @@ relay_api_get_buffer_id (struct t_gui_buffer *buffer)
* - RELAY_API_COLORS_STRIP
*/
enum t_relay_api_colors
int
relay_api_search_colors (const char *colors)
{
if (!colors)
return RELAY_API_COLORS_ANSI;
return -1;
if (strcmp (colors, "ansi") == 0)
return RELAY_API_COLORS_ANSI;
if (strcmp (colors, "weechat") == 0)
return RELAY_API_COLORS_WEECHAT;
if (strcmp (colors, "strip") == 0)
return RELAY_API_COLORS_STRIP;
return RELAY_API_COLORS_ANSI;
return -1;
}
/*
+1 -1
View File
@@ -70,7 +70,7 @@ struct t_relay_api_data
};
extern long long relay_api_get_buffer_id (struct t_gui_buffer *buffer);
extern enum t_relay_api_colors relay_api_search_colors (const char *colors);
extern int relay_api_search_colors (const char *colors);
extern void relay_api_hook_signals (struct t_relay_client *client);
extern void relay_api_unhook_signals (struct t_relay_client *client);
extern void relay_api_recv_http (struct t_relay_client *client);
@@ -143,6 +143,12 @@ paths:
type: array
items:
$ref: '#/components/schemas/Buffer'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -177,6 +183,12 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Buffer'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -217,6 +229,12 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Buffer'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -258,6 +276,12 @@ paths:
type: array
items:
$ref: '#/components/schemas/Line'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -298,6 +322,12 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Line'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -339,6 +369,12 @@ paths:
type: array
items:
$ref: '#/components/schemas/Line'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -379,6 +415,12 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Line'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -416,6 +458,12 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NickGroup'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -453,6 +501,12 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NickGroup'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
@@ -41,12 +41,14 @@ TEST_GROUP(RelayApi)
TEST(RelayApi, SearchColors)
{
LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors (NULL));
LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors (""));
LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("xxx"));
LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("WEECHAT"));
LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("STRIP"));
LONGS_EQUAL(-1, relay_api_search_colors (NULL));
LONGS_EQUAL(-1, relay_api_search_colors (""));
LONGS_EQUAL(-1, relay_api_search_colors ("xxx"));
LONGS_EQUAL(-1, relay_api_search_colors ("ANSI"));
LONGS_EQUAL(-1, relay_api_search_colors ("WEECHAT"));
LONGS_EQUAL(-1, relay_api_search_colors ("STRIP"));
LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("ansi"));
LONGS_EQUAL(RELAY_API_COLORS_WEECHAT, relay_api_search_colors ("weechat"));
LONGS_EQUAL(RELAY_API_COLORS_STRIP, relay_api_search_colors ("strip"));
}