mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-04-05 13:37:43 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix subdomain matching

Browse source
This commit is contained in:
varjolintu 2019-11-12 22:38:20 +02:00 committed by Jonathan White
parent a590289900
commit e2c95f75f1
4 changed files with 167 additions and 148 deletions
Download patch file Download diff file Expand all files Collapse all files

34
src/browser/BrowserService.cpp
View file

@ -380,7 +380,7 @@ QJsonArray BrowserService::findMatchingEntries(const QString& id,
// Check entries for authorization
QList<Entry*> pwEntriesToConfirm;
QList<Entry*> pwEntries;
for (auto* entry : searchEntries(url, keyList)) {
for (auto* entry : searchEntries(url, submitUrl, keyList)) {
if (entry->customData()->contains(BrowserService::OPTION_HIDE_ENTRY)
&& entry->customData()->value(BrowserService::OPTION_HIDE_ENTRY) == "true") {
continue;
@ -583,7 +583,7 @@ BrowserService::ReturnValue BrowserService::updateEntry(const QString& id,
}
QList<Entry*>
BrowserService::searchEntries(const QSharedPointer<Database>& db, const QString& hostname, const QString& url)
BrowserService::searchEntries(const QSharedPointer<Database>& db, const QString& url, const QString& submitUrl)
{
QList<Entry*> entries;
auto* rootGroup = db->rootGroup();
@ -601,20 +601,18 @@ BrowserService::searchEntries(const QSharedPointer<Database>& db, const QString&
continue;
}
auto domain = baseDomain(hostname);
// Search for additional URL's starting with KP2A_URL
if (entry->attributes()->keys().contains(ADDITIONAL_URL)) {
for (const auto& key : entry->attributes()->keys()) {
if (key.startsWith(ADDITIONAL_URL)
&& handleURL(entry->attributes()->value(key), domain, url)) {
&& handleURL(entry->attributes()->value(key), url, submitUrl)) {
entries.append(entry);
continue;
}
}
}
if (!handleURL(entry->url(), domain, url)) {
if (!handleURL(entry->url(), url, submitUrl)) {
continue;
}
@ -625,7 +623,7 @@ BrowserService::searchEntries(const QSharedPointer<Database>& db, const QString&
return entries;
}
QList<Entry*> BrowserService::searchEntries(const QString& url, const StringPairList& keyList)
QList<Entry*> BrowserService::searchEntries(const QString& url, const QString& submitUrl, const StringPairList& keyList)
{
// Check if database is connected with KeePassXC-Browser
auto databaseConnected = [&](const QSharedPointer<Database>& db) {
@ -662,7 +660,7 @@ QList<Entry*> BrowserService::searchEntries(const QString& url, const StringPair
QList<Entry*> entries;
do {
for (const auto& db : databases) {
entries << searchEntries(db, hostname, url);
entries << searchEntries(db, url, submitUrl);
}
} while (entries.isEmpty() && removeFirstDomain(hostname));
@ -1000,7 +998,7 @@ bool BrowserService::removeFirstDomain(QString& hostname)
return false;
}
bool BrowserService::handleURL(const QString& entryUrl, const QString& hostname, const QString& url)
bool BrowserService::handleURL(const QString& entryUrl, const QString& url, const QString& submitUrl)
{
if (entryUrl.isEmpty()) {
return false;
@ -1017,31 +1015,35 @@ bool BrowserService::handleURL(const QString& entryUrl, const QString& hostname,
}
}
// Make a direct compare if a local file is used
if (url.contains("file://")) {
return entryUrl == submitUrl;
}
// URL host validation fails
if (browserSettings()->matchUrlScheme() && entryQUrl.host().isEmpty()) {
if (entryQUrl.host().isEmpty()) {
return false;
}
// Match port, if used
QUrl qUrl(url);
if (entryQUrl.port() > 0 && entryQUrl.port() != qUrl.port()) {
QUrl siteQUrl(url);
if (entryQUrl.port() > 0 && entryQUrl.port() != siteQUrl.port()) {
return false;
}
// Match scheme
if (browserSettings()->matchUrlScheme() && !entryQUrl.scheme().isEmpty() && entryQUrl.scheme().compare(qUrl.scheme()) != 0) {
if (browserSettings()->matchUrlScheme() && !entryQUrl.scheme().isEmpty() && entryQUrl.scheme().compare(siteQUrl.scheme()) != 0) {
return false;
}
// Check for illegal characters
QRegularExpression re("[<>\\^`{|}]");
auto match = re.match(entryUrl);
if (match.hasMatch()) {
if (re.match(entryUrl).hasMatch()) {
return false;
}
// Filter to match hostname in URL field
if (entryQUrl.host().endsWith(hostname)) {
if (siteQUrl.host().endsWith(entryQUrl.host())) {
return true;
}