Add more sanitization to reduce deserialization errors

Slendy 2022-11-13 17:05:24 -06:00
commit a253e768a7
No known key found for this signature in database
GPG key ID: 7288D68361B91428
2 changed files with 7 additions and 0 deletions


@ -2,6 +2,7 @@
using System;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using System.Xml.Serialization;
using LBPUnion.ProjectLighthouse.Helpers;
@ -29,9 +30,13 @@ public static class ControllerExtensions
try
{
// Prevent unescaped ampersands from causing deserialization to fail
bodyString = Regex.Replace(bodyString, "&(?!(amp|apos|quot|lt|gt);)", "&");
XmlRootAttribute? root = null;
if (rootElements.Length > 0)
{
//TODO: This doesn't support root tags with attributes, but it's only used in scenarios where there shouldn't any (UpdateUser and Playlists)
string? matchedRoot = rootElements.FirstOrDefault(e => bodyString.StartsWith($@"<{e}>"));
if (matchedRoot == null)
{
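Review bot: The lookahead in the `Regex.Replace` call exempts only the five named entities, so a valid numeric character reference such as `&#38;` or `&#x26;` in the request body would be treated as a bare ampersand and rewritten, changing the submitted text rather than repairing it. Extending the exemption, e.g. `"&(?!(amp|apos|quot|lt|gt|#[0-9]+|#x[0-9a-fA-F]+);)"`, keeps those references intact; ampersands inside a CDATA section would still be altered, which deserves a comment next to the call. As rendered on this page the replacement string reads `"&"`, which would make the call a no-op; presumably the page decoded an `&amp;` entity, but confirm against the file. The enclosing try block and method start and end outside the hunk.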


@ -11,6 +11,8 @@ public static class SanitizationHelper
private static readonly Dictionary<string, string> charsToReplace = new() {
{"<", "&lt;"},
{">", "&gt;"},
{"\"", "&quot;"},
{"'", "&apos;"},
};
public static void SanitizeStringsInClass(object? instance)
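Review bot: With the `"` and `'` entries added, `charsToReplace` covers four of the five XML special characters but still has no entry for `&`, so a raw ampersand in a sanitized string would apparently pass through unescaped. If an `&` entry is added it has to be applied before the others, otherwise the entities produced by the other replacements are escaped a second time, and a `Dictionary<string, string>` does not guarantee enumeration order. An ordered list of pairs, or a single call such as `System.Security.SecurityElement.Escape(value)`, avoids that. How the table is consumed is outside this hunk, so confirm against the replace loop.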