diff options
| author | Uwe Klotz <uklotz@mixxx.org> | 2021-01-04 15:30:48 +0100 |
|---|---|---|
| committer | Uwe Klotz <uklotz@mixxx.org> | 2021-01-04 17:35:37 +0100 |
| commit | 0c4736444d205a3910b1667c20e0b191144c52fc (patch) | |
| tree | 1ed3af61fa4340bfb96095c36ae5347a514fc1c4 /src/network | |
| parent | 819e7e587d334deea4f3f1091108c234e9780221 (diff) | |
JsonWebTask: Validate query URLs
Diffstat (limited to 'src/network')
| -rw-r--r-- | src/network/jsonwebtask.cpp | 18 | ||||
| -rw-r--r-- | src/network/jsonwebtask.h | 2 |
2 files changed, 16 insertions, 4 deletions
diff --git a/src/network/jsonwebtask.cpp b/src/network/jsonwebtask.cpp index 0e355db369..1c4429f6b1 100644 --- a/src/network/jsonwebtask.cpp +++ b/src/network/jsonwebtask.cpp @@ -123,11 +123,11 @@ QDebug operator<<(QDebug dbg, const JsonWebResponse& arg) { JsonWebTask::JsonWebTask( QNetworkAccessManager* networkAccessManager, - const QUrl& baseUrl, + QUrl baseUrl, JsonWebRequest&& request, QObject* parent) : WebTask(networkAccessManager, parent), - m_baseUrl(baseUrl), + m_baseUrl(std::move(baseUrl)), m_request(std::move(request)) { std::call_once(registerMetaTypesOnceFlag, registerMetaTypesOnce); DEBUG_ASSERT(!m_baseUrl.isEmpty()); @@ -244,12 +244,24 @@ QNetworkReply* JsonWebTask::doStartNetworkRequest( DEBUG_ASSERT_QOBJECT_THREAD_AFFINITY(this); DEBUG_ASSERT(networkAccessManager); - DEBUG_ASSERT(m_baseUrl.isValid()); + VERIFY_OR_DEBUG_ASSERT(m_baseUrl.isValid()) { + kLogger.warning() << "Invalid base URL" << m_baseUrl; + return nullptr; + } QUrl url = m_baseUrl; url.setPath(m_request.path); + VERIFY_OR_DEBUG_ASSERT(url.isValid()) { + kLogger.warning() << "Invalid request path" << m_request.path; + return nullptr; + } if (!m_request.query.isEmpty()) { url.setQuery(m_request.query); + VERIFY_OR_DEBUG_ASSERT(url.isValid()) { + kLogger.warning() << "Invalid query string" << m_request.query.toString(); + return nullptr; + } } + // Already validated while composing (see above) DEBUG_ASSERT(url.isValid()); return sendNetworkRequest( diff --git a/src/network/jsonwebtask.h b/src/network/jsonwebtask.h index 544fd97760..67d2c58fc5 100644 --- a/src/network/jsonwebtask.h +++ b/src/network/jsonwebtask.h @@ -54,7 +54,7 @@ class JsonWebTask : public WebTask { public: JsonWebTask( QNetworkAccessManager* networkAccessManager, - const QUrl& baseUrl, + QUrl baseUrl, JsonWebRequest&& request, QObject* parent = nullptr); ~JsonWebTask() override = default; |