FaceSlim icon indicating copy to clipboard operation
FaceSlim copied to clipboard
verified publisher icon indywidualny

URL aren't clean enough

Open p1gp1g opened this issue 6 years ago • 1 comments

When clicking on a shared link, the parameter 'fbclid' isn't sanitized for example. Adding these lines to cleanUrl in app/src/main/java/org/indywidualni/fblite/util/Miscellany.java should work :

.replaceAll("&fbclid=.*", "").replaceAll("?fbclid=.*", "")
.replaceAll("&ref=.*", "").replaceAll("?ref=.*", "")
.replaceAll("&ref_type=.*", "").replaceAll("?ref_type=.*", "");

The function will be :

private static String cleanUrl(String url) {
        return url.replace("http://lm.facebook.com/l.php?u=", "")
                .replace("https://lm.facebook.com/l.php?u=", "")
                .replace("http://m.facebook.com/l.php?u=", "")
                .replace("https://m.facebook.com/l.php?u=", "")
                .replace("http://0.facebook.com/l.php?u=", "")
                .replace("https://0.facebook.com/l.php?u=", "")
                .replaceAll("&h=.*", "").replaceAll("\\?acontext=.*", "")
                .replaceAll("&fbclid=.*", "").replaceAll("?fbclid=.*", "")
                .replaceAll("&ref=.*", "").replaceAll("?ref=.*", "")
                .replaceAll("&ref_type=.*", "").replaceAll("?ref_type=.*", "");
}

I don't have dev environment to test it.

p1gp1g avatar Apr 04 '19 12:04 p1gp1g

Maybe you will have to change cleanAndDecodeUrl to:

    public static String cleanAndDecodeUrl(String url) {
        return cleanUrl(decodeUrl(url));
}

p1gp1g avatar Apr 04 '19 12:04 p1gp1g