Issue 14324: Sanitize profile input

2025-06-07 15:54:26 +02:00 · 2024-07-28 04:34:44 +00:00 · 2024-07-28 04:34:44 +00:00 · ef71840ddc
commit ef71840ddc
parent aae004d3d2
4 changed files with 38 additions and 6 deletions
--- a/update.php
+++ b/update.php
@ -1486,4 +1486,31 @@ function update_1566()
 		Profile::setResponsibleRelayContact($user['uid']);
 	}
 	DBA::close($users);
-}
+}
+
+function update_1571()
+{
+	$profiles = DBA::select('profile', ['uid', 'homepage', 'xmpp', 'matrix']);
+	while ($profile = DBA::fetch($profiles)) {
+		$homepage = str_replace(['<', '>', '"', ' '], '', $profile['homepage']);
+		$xmpp     = str_replace(['<', '>', '"', ' '], '', $profile['xmpp']);
+		$matrix   = str_replace(['<', '>', '"', ' '], '', $profile['matrix']);
+
+		$fields = [];
+		if ($homepage != $profile['homepage']) {
+			$fields['homepage'] = $homepage;
+		}
+		if ($xmpp != $profile['xmpp']) {
+			$fields['xmpp'] = $xmpp;
+		}
+		if ($matrix != $profile['matrix']) {
+			$fields['matrix'] = $matrix;
+		}
+		if (!empty($fields)) {
+			Profile::update($fields, $profile['uid']);
+		}
+	}
+	DBA::close($profiles);
+
+	return Update::SUCCESS;
+}