-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix validation of adlist url #3912
Conversation
It's not a good character. https://stackoverflow.com/a/19511469 You need to percent encode in your configuration, not allow an invalid character in the URL. |
1759ea2
to
4a7ef7b
Compare
Hi, I rewrote the fix inspired from: https://github.com/pi-hole/pi-hole/blob/4a7ef7bb18a923b51cc3708d56de5bafbeb94a4f/gravity.sh#L634-L639 for removal of schema and bascauth before validating against unchanged regex for valid chars. |
If you want |
3.2.(1.)? section of RFC 3986 is allowing @ right before host for including User Information.
If Pi-hole should not support this feature why https://github.com/pi-hole/pi-hole/blob/4a7ef7bb18a923b51cc3708d56de5bafbeb94a4f/gravity.sh#L634 is acknowledging that it's valid part or URL. |
That's probably because you didn't quote the URL?
|
That tells me that code has been there for over 3 years, so either you're the first person in 3 years to find it doesn't work, or there's something else that needs to be addressed before changing the code. |
still the same error code if using on Yeah I am probably the first one. I want to host mine adlist, but I don't want it to be public, so for authentication I am using basicauth. There should not be url encoding of @: @ is reserved char per https://tools.ietf.org/html/rfc3986#section-2.2, you are right that you should not have @ in the URL path/parameters part. Per 2.2 @ is reserved char, that can be used in URL at most one time and few more restrictions. Therefor checking existing goodchars only in I think I can not provide more information than this. If this is not sufficient, feel free to close this PR. |
An alternative solution would be to check for url="https://user:pass@fqdn/dir/file.list"
check_url="$(sed -r "s#(.*)@#\1X#" <<< "${url}")" the result is Note that it will only replace one What do you think? |
This is not consicering the placement of @ relative to /.
This looks way better. I will play with it to ensure the place of @. |
Already existing regex validation will be used on url after removing @ (in case its in separating userinfo and host). Signed-off-by: Matej Dujava <mdujava@kocurkovo.cz> Fixes: pi-hole#3911 Fixes: 7d19ee1: validate blocklist URL before adding to the database (pi-hole#3237)
both ways are possible as first answer shows, you can encode it as %40 or not even in path section. Both of those URLs will redirect you to wikipedia page "@". |
And does |
Yes
|
Web side of fix pi-hole/pi-hole#3912 Signed-off-by: Matej Dujava <mdujava@kocurkovo.cz>
Web side of fix pi-hole/pi-hole#3912 Signed-off-by: Matej Dujava <mdujava@kocurkovo.cz>
Web side of fix pi-hole/pi-hole#3912 Signed-off-by: Matej Dujava <mdujava@kocurkovo.cz>
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/pi-hole-core-v5-2-3-web-v5-3-and-ftl-v5-4-released/43009/1 |
By submitting this pull request, I confirm the following:
please fill any appropriate checkboxes, e.g: [X]
git rebase
)Please make sure you Sign Off all commits. Pi-hole enforces the DCO.
What does this PR aim to accomplish?:
This PR is fixing #3911 as last verification of url, before downloading adlist from it, has missing good character, therefor valid url with basicauth user:pass (eg.
https://user:pass@fqdn/dir/file.list
) is evaluated as invalid.How does this PR accomplish the above?:
Regex which is used as validator is updated to accept
@
as valid character. As char@
is missing, adding it to the regex will fix the issue.What documentation changes (if any) are needed to support this PR?:
This is fixing back-end URL validation and there is no change in user interaction, therefor no documentation change needed.