
[WIP] Fix and complete server-side JID validation and escaping.

Open Natureshadow opened this issue 6 years ago • 5 comments

Natureshadow avatar May 23 '19 00:05 Natureshadow

Thanks a lot, I'll review it asap! You've added a dependency, is it OK regarding the packages (like the Debian one?).

edhelas avatar May 23 '19 07:05 edhelas

Hi,

> Thanks a lot, I'll review it asap! You've added a dependency, is it OK regarding the packages (like the Debian one?).

For Debian, I will of course take care of that. For everything else, it has to be - no JID validation is possible without that (except with copying the code, of course).

Natureshadow avatar May 23 '19 10:05 Natureshadow

I updated a lot, please review again, @edhelas ☺!

Natureshadow avatar May 27 '19 09:05 Natureshadow

As I'm not planning to maintain a specific stringprep dependency from that, I'm assuming that the only proper way to do so would be to directly call "idn" (http://www.gnu.org/software/libidn/manual/html_node/Invoking-idn.html) and call it from PHP. I'm already using it during the registration process (see https://api.movim.eu/accounts/register) and it has a complete Nodeprep implementation.

edhelas avatar Mar 02 '21 21:03 edhelas
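
The approach described in the comment above (running GNU `idn` with its Nodeprep profile from PHP), as an added example that is not Movim code or part of the original thread. It passes the untrusted localpart on stdin with an argv array so no shell ever parses it; `nodeprepLocalpart()` is a hypothetical name, and the code assumes PHP 7.4+, an `idn` binary on `PATH`, and a `C.UTF-8` locale on the host.

```php
<?php
// Added example, not Movim code. nodeprepLocalpart() is a hypothetical helper.
// Assumes PHP >= 7.4 (array form of proc_open) and GNU libidn's `idn` on PATH.

function nodeprepLocalpart(string $localpart): ?string
{
    // idn processes stdin line by line, so CR/LF/NUL would smuggle extra input.
    // preg_match('//u', ...) returns 1 only for well-formed UTF-8.
    if ($localpart === '' || preg_match('/[\r\n\0]/', $localpart)
        || preg_match('//u', $localpart) !== 1) {
        return null;
    }

    $pipes = [];
    $proc = proc_open(
        // argv array: executed directly, no shell quoting to get wrong
        ['idn', '--quiet', '--stringprep', '--profile=Nodeprep'],
        [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
        $pipes,
        null,
        // Assumed locale name; without a UTF-8 locale idn rejects non-ASCII input
        ['LC_ALL' => 'C.UTF-8', 'PATH' => getenv('PATH') ?: '/usr/bin:/bin']
    );
    if (!is_resource($proc)) {
        return null;
    }

    // Untrusted data travels on stdin only, never on the command line.
    fwrite($pipes[0], $localpart . "\n");
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    stream_get_contents($pipes[2]);          // drain stderr, do not echo it to users
    fclose($pipes[1]);
    fclose($pipes[2]);

    // Non-zero exit: the profile rejected the string. Fail closed.
    if (proc_close($proc) !== 0) {
        return null;
    }

    $prepped = rtrim((string) $out, "\n");
    // XMPP limits each JID part to 1023 bytes after preparation.
    return ($prepped === '' || strlen($prepped) > 1023) ? null : $prepped;
}

// Constructed sample inputs
var_dump(nodeprepLocalpart('Juliet'));
var_dump(nodeprepLocalpart("juliet\n--help"));
```

Store and compare only the returned, prepared form; treating a `null` result as "invalid JID" keeps a missing binary or locale from silently disabling validation.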

Let's see if I can revive this PR :)

edhelas avatar Mar 01 '23 13:03 edhelas