mirror of https://github.com/yattee/yattee.git synced 2025-01-07 18:10:33 +05:30

sanitise user and password in url

Signed-off-by: Toni Förster <toni.foerster@gmail.com>
Toni Förster 2024-08-28 16:21:49 +02:00
parent 772e5016c4
commit cea2684a29
No known key found for this signature in database
GPG Key ID: 292F3E5086C83FC7


@ -10,11 +10,28 @@ struct AccountsBridge: Defaults.Bridge {
return nil return nil
} }
// Parse the urlString to check for embedded username and password
var sanitizedUrlString = value.urlString
if var urlComponents = URLComponents(string: value.urlString) {
if let user = urlComponents.user, let password = urlComponents.password {
// Sanitize the embedded username and password
let sanitizedUser = user.addingPercentEncoding(withAllowedCharacters: .urlUserAllowed) ?? user
let sanitizedPassword = password.addingPercentEncoding(withAllowedCharacters: .urlPasswordAllowed) ?? password
// Update the URL components with sanitized credentials
urlComponents.user = sanitizedUser
urlComponents.password = sanitizedPassword
// Reconstruct the sanitized URL
sanitizedUrlString = urlComponents.string ?? value.urlString
}
}
return [ return [
"id": value.id, "id": value.id,
"instanceID": value.instanceID ?? "", "instanceID": value.instanceID ?? "",
"name": value.name, "name": value.name,
"apiURL": value.urlString, "apiURL": sanitizedUrlString,
"username": value.username, "username": value.username,
"password": value.password ?? "" "password": value.password ?? ""
] ]
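Review bot: The new block assigns already percent-encoded strings to `urlComponents.user` and `urlComponents.password`, but those setters expect unencoded text and add percent-encoding themselves, so any `%` produced by `addingPercentEncoding` is encoded a second time (`%40` becomes `%2540`) and the stored `apiURL` carries different credentials than the ones entered. Since `URLComponents(string:)` only succeeds on a string it can already parse, either drop the manual encoding or write through the encoded setters: `urlComponents.percentEncodedUser = sanitizedUser` and `urlComponents.percentEncodedPassword = sanitizedPassword`. The branch also requires both a user and a password, so a URL that carries only a user is passed through untouched. Separately, the credentials still end up inside the serialized `apiURL` next to the plain `password` field; if this bridge is persisted to user defaults (the store is not visible here), it would be safer to strip them from the URL with `urlComponents.user = nil` and `urlComponents.password = nil` and keep the secret in the Keychain. The enclosing serialize function starts before and ends after this hunk.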