

Changed the way requests that don't match any elements generate the `…
…canonicalUrl`, to avoid potentially executing injected Twig code

Signed-off-by: Andrew Welch <andrew@nystudio107.com>
khalwat committed Jul 23, 2018
1 parent d39f4e9 commit 1e7d1d0
Showing 4 changed files with 72 additions and 29 deletions.
6 changes: 6 additions & 0 deletions src/helpers/DynamicMeta.php
Expand Up @@ -500,6 +500,12 @@ public static function getLocalizedUrls(string $uri = null, int $siteId = null):
Craft::error($e->getMessage(), __METHOD__);
}
}
// Strip any query string params, and make sure we have an absolute URL with protocol
if ($urlParams === null) {
$url = UrlHelper::stripQueryString($url);
}
$url = UrlHelper::absoluteUrlWithProtocol($url);

$url = $url ?? '';
$language = $site->language;
$ogLanguage = str_replace('-', '_', $language);
Expand Down
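Review bot: The `$url = $url ?? ''` guard now sits after the new `UrlHelper::stripQueryString($url)` / `UrlHelper::absoluteUrlWithProtocol($url)` calls, so if `$url` can still be null at this point (its assignment and the preceding `catch` are above this hunk, so I can't confirm), a null reaches the string helpers before the guard fires. Moving `$url = $url ?? '';` above the new `if ($urlParams === null)` block preserves the original guarantee. The `$urlParams === null` condition also means the query string is kept whenever URL params were supplied; if that is intended, a one-line comment such as `// keep the query string: the caller supplied it via $urlParams` would save the next reader from wondering. getLocalizedUrls() begins before this hunk and continues after it.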
14 changes: 14 additions & 0 deletions src/models/MetaGlobalVars.php
Expand Up @@ -199,6 +199,20 @@ public function __construct(array $config = [])
parent::__construct($config);
}

/**
* @inheritdoc
*/
public function init()
{
parent::init();
// If we have potentially unsafe Twig code, strip it out
if (!empty($this->canonicalUrl)) {
if (strpos($this->canonicalUrl, 'craft.app.request.pathInfo') !== false) {
$this->canonicalUrl = '{seomatic.helper.safeCanonicalUrl()}';
}
}
}

/**
* @inheritdoc
*/
Expand Down
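Review bot: The check in `init()` only neutralises a stored `canonicalUrl` that literally contains `craft.app.request.pathInfo`; a value using `craft.app.request.url`, `craft.app.request.absoluteUrl`, `craft.app.request.fullPath` or `craft.app.request.getPathInfo()` carries the same attacker-controlled request path and passes through untouched. If the goal is to keep raw request data out of a setting that is later rendered as Twig (the rendering site is not in this commit, so I am inferring), matching the broader prefix — `if (strpos($this->canonicalUrl, 'craft.app.request') !== false) {` — and possibly the `craft.request` alias as well would close those variants. The replacement value is `{seomatic.helper.safeCanonicalUrl()}`, which the Helper.php hunk in this commit defines as returning the path as a plain string; a comment saying so would help, e.g. `// Legacy settings stored a pathInfo Twig template; swap in the helper that returns the path as a plain string instead`.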
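--- a/src/seomatic-config/globalmeta/GlobalVars.php
+++ b/src/seomatic-config/globalmeta/GlobalVars.php
@@ -26,7 +26,7 @@
 'seoImageWidth' => '',
 'seoImageHeight' => '',
 'seoImageDescription' => '',
-'canonicalUrl' => '{{ craft.app.request.pathInfo | striptags }}',
+'canonicalUrl' => '{seomatic.helper.safeCanonicalUrl()}',
 'robots' => 'all',
 'ogType' => 'website',
 'ogTitle' => '{seomatic.meta.seoTitle}',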
79 changes: 51 additions & 28 deletions src/services/Helper.php
Expand Up @@ -11,20 +11,23 @@

namespace nystudio107\seomatic\services;

use nystudio107\seomatic\helpers\UrlHelper;
use nystudio107\seomatic\Seomatic;
use nystudio107\seomatic\helpers\DynamicMeta as DynamicMetaHelper;
use nystudio107\seomatic\helpers\ImageTransform as ImageTransformHelper;
use nystudio107\seomatic\helpers\Schema as SchemaHelper;
use nystudio107\seomatic\helpers\Text as TextHelper;

use Craft;
use craft\base\Component;
use craft\elements\Asset;
use craft\elements\db\MatrixBlockQuery;
use craft\elements\db\TagQuery;
use craft\helpers\Template;
use craft\helpers\UrlHelper;
use craft\web\twig\variables\Paginate;

use yii\base\InvalidConfigException;

/**
* @author nystudio107
* @package Seomatic
Expand All @@ -38,9 +41,28 @@ class Helper extends Component
// Public Methods
// =========================================================================

/**
* Return the canonical URL for the request, with the query string stripped
*
* @return string
*/
public static function safeCanonicalUrl(): string
{
$url = '';
try {
$url = Craft::$app->getRequest()->getPathInfo();
} catch (InvalidConfigException $e) {
Craft::error($e->getMessage(), __METHOD__);
}
$url = UrlHelper::stripQueryString($url);

return UrlHelper::absoluteUrlWithProtocol($url);
}

/**
* Paginate based on the passed in Paginate variable as returned from the
* Twig {% paginate %} tag: https://docs.craftcms.com/v3/templating/tags/paginate.html#the-pageInfo-variable
* Twig {% paginate %} tag:
* https://docs.craftcms.com/v3/templating/tags/paginate.html#the-pageInfo-variable
*
* @param Paginate $pageInfo
*/
Expand Down Expand Up @@ -86,8 +108,8 @@ public static function truncateOnWord($string, $length, $substring = '…'): str
* Return a list of localized URLs that are in the current site's group
* The current URI is used if $uri is null. Similarly, the current site is
* used if $siteId is null.
* The resulting array of arrays has `id`, `language`, `ogLanguage`, `hreflangLanguage`,
* and `url` as keys.
* The resulting array of arrays has `id`, `language`, `ogLanguage`,
* `hreflangLanguage`, and `url` as keys.
*
* @param string|null $uri
* @param int|null $siteId
Expand Down Expand Up @@ -131,6 +153,7 @@ public static function seoFileLink($url, $robots = '', $canonical = '', $inline
.$inlineStr
.'/'
.$fileName;

return Template::raw(UrlHelper::siteUrl($seoFileLink));
}

Expand Down Expand Up @@ -238,6 +261,30 @@ public static function extractSummary($text = '', $useStopWords = true): string
return TextHelper::extractSummary($text, $useStopWords);
}

/**
* Return a flattened, indented menu of the given $path
*
* @param string $path
*
* @return array
*/
public static function getTypeMenu($path): array
{
return SchemaHelper::getTypeMenu($path);
}

/**
* Return a single menu of schemas starting at $path
*
* @param string $path
*
* @return array
*/
public static function getSingleTypeMenu($path): array
{
return SchemaHelper::getSingleTypeMenu($path);
}

/**
* Transform the $asset for social media sites in $transformName and
* optional $siteId
Expand Down Expand Up @@ -282,28 +329,4 @@ public function socialTransformHeight($asset, string $transformName = '', $siteI
{
return ImageTransformHelper::socialTransformHeight($asset, $transformName, $siteId);
}

/**
* Return a flattened, indented menu of the given $path
*
* @param string $path
*
* @return array
*/
public static function getTypeMenu($path): array
{
return SchemaHelper::getTypeMenu($path);
}

/**
* Return a single menu of schemas starting at $path
*
* @param string $path
*
* @return array
*/
public static function getSingleTypeMenu($path): array
{
return SchemaHelper::getSingleTypeMenu($path);
}
}
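Review bot: `safeCanonicalUrl()` still hands back the raw request path — `Craft::$app->getRequest()->getPathInfo()` is attacker-controlled and the method only strips the query string — so the protection depends on the caller no longer re-rendering the returned string as a Twig template and on the value being attribute-escaped where it lands in `<link rel="canonical">`; neither is visible in this commit, so both are worth confirming at the call site. It is also worth checking that the `nystudio107\seomatic\helpers\UrlHelper::absoluteUrlWithProtocol()` now imported in place of `craft\helpers\UrlHelper` always prefixes the site base URL rather than passing through a path that already looks absolute or protocol-relative, since otherwise a crafted request could pick the canonical host; the same import swap means `UrlHelper::siteUrl()` in seoFileLink() now resolves to the seomatic class, which is fine if it extends the Craft one. The docblock should state the trust boundary, e.g. `* The path comes straight from the request and is not validated beyond stripping the query string; never re-render the result as Twig.`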
