From 7744099ee575ce75f0c031b84c1ca9251f3c7630 Mon Sep 17 00:00:00 2001 From: Cody Date: Sat, 13 Jan 2024 13:09:17 -0800 Subject: [PATCH 1/4] cleans protocol to check for duplicate alias prior to saving --- Oqtane.Client/Modules/Admin/Site/Index.razor | 75 +++++++++++--------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/Oqtane.Client/Modules/Admin/Site/Index.razor b/Oqtane.Client/Modules/Admin/Site/Index.razor index 3ad4d605..57f9b66b 100644 --- a/Oqtane.Client/Modules/Admin/Site/Index.razor +++ b/Oqtane.Client/Modules/Admin/Site/Index.razor @@ -812,41 +812,46 @@ } } - private async Task SaveAlias() - { - if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) - { - if (!string.IsNullOrEmpty(_aliasname)) - { - var aliases = await AliasService.GetAliasesAsync(); - var alias = aliases.Where(item => item.Name == _aliasname).FirstOrDefault(); - bool unique = (alias == null || alias.AliasId == _aliasid); - if (unique) - { - if (_aliasid == 0) - { - alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = _aliasname, IsDefault = bool.Parse(_defaultalias) }; - await AliasService.AddAliasAsync(alias); - } - else - { - alias = _aliases.Single(item => item.AliasId == _aliasid); - alias.Name = _aliasname; - alias.IsDefault = bool.Parse(_defaultalias); - await AliasService.UpdateAliasAsync(alias); - } - } - else // duplicate alias - { - AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); - } - } - await GetAliases(); - _aliasid = -1; - _aliasname = ""; - StateHasChanged(); - } - } + private async Task SaveAlias() + { + if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) + { + if (!string.IsNullOrEmpty(_aliasname)) + { + // Remove 'http://' and 'https://' from the alias name + string cleanedAliasName = _aliasname.Replace("http://", "").Replace("https://", ""); + + var aliases = await AliasService.GetAliasesAsync(); + // Check if the cleaned alias name exists in the database + var alias = aliases.Where(item => item.Name == cleanedAliasName).FirstOrDefault(); + bool unique = (alias == null || alias.AliasId == _aliasid); + if (unique) + { + if (_aliasid == 0) + { + alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = cleanedAliasName, IsDefault = bool.Parse(_defaultalias) }; + await AliasService.AddAliasAsync(alias); + } + else + { + alias = _aliases.Single(item => item.AliasId == _aliasid); + alias.Name = cleanedAliasName; + alias.IsDefault = bool.Parse(_defaultalias); + await AliasService.UpdateAliasAsync(alias); + } + } + else // duplicate alias + { + AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); + await ScrollToPageTop(); + } + } + await GetAliases(); + _aliasid = -1; + _aliasname = ""; + StateHasChanged(); + } + } private async Task CancelAlias() { From 3a5dc629083fea1acee4a8bee01d1dfb498078ff Mon Sep 17 00:00:00 2001 From: Cody Date: Mon, 15 Jan 2024 09:56:11 -0800 Subject: [PATCH 2/4] Sanitize _aliasname by removing protocols --- Oqtane.Client/Modules/Admin/Site/Index.razor | 75 ++++++++++---------- 1 file changed, 36 insertions(+), 39 deletions(-) diff --git a/Oqtane.Client/Modules/Admin/Site/Index.razor b/Oqtane.Client/Modules/Admin/Site/Index.razor index 57f9b66b..8adbd48b 100644 --- a/Oqtane.Client/Modules/Admin/Site/Index.razor +++ b/Oqtane.Client/Modules/Admin/Site/Index.razor @@ -812,46 +812,43 @@ } } - private async Task SaveAlias() - { - if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) - { - if (!string.IsNullOrEmpty(_aliasname)) - { - // Remove 'http://' and 'https://' from the alias name - string cleanedAliasName = _aliasname.Replace("http://", "").Replace("https://", ""); - - var aliases = await AliasService.GetAliasesAsync(); - // Check if the cleaned alias name exists in the database - var alias = aliases.Where(item => item.Name == cleanedAliasName).FirstOrDefault(); - bool unique = (alias == null || alias.AliasId == _aliasid); - if (unique) - { - if (_aliasid == 0) - { - alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = cleanedAliasName, IsDefault = bool.Parse(_defaultalias) }; - await AliasService.AddAliasAsync(alias); - } - else - { - alias = _aliases.Single(item => item.AliasId == _aliasid); - alias.Name = cleanedAliasName; - alias.IsDefault = bool.Parse(_defaultalias); - await AliasService.UpdateAliasAsync(alias); - } - } - else // duplicate alias - { - AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); - await ScrollToPageTop(); - } +private async Task SaveAlias() +{ + if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) + { + if (!string.IsNullOrEmpty(_aliasname)) + { + _aliasname = _aliasname.Replace("http://", "").Replace("https://", ""); + var aliases = await AliasService.GetAliasesAsync(); + var alias = aliases.Where(item => item.Name == _aliasname).FirstOrDefault(); + bool unique = (alias == null || alias.AliasId == _aliasid); + if (unique) + { + if (_aliasid == 0) + { + alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = _aliasname, IsDefault = bool.Parse(_defaultalias) }; + await AliasService.AddAliasAsync(alias); + } + else + { + alias = _aliases.Single(item => item.AliasId == _aliasid); + alias.Name = _aliasname; + alias.IsDefault = bool.Parse(_defaultalias); + await AliasService.UpdateAliasAsync(alias); + } + } + else // duplicate alias + { + AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); + await ScrollToPageTop(); } - await GetAliases(); - _aliasid = -1; - _aliasname = ""; - StateHasChanged(); - } - } + } + await GetAliases(); + _aliasid = -1; + _aliasname = ""; + StateHasChanged(); + } +} private async Task CancelAlias() { From 3cec9f7ee029f234cb6b6eb44cc12836d2130e57 Mon Sep 17 00:00:00 2001 From: Cody Date: Mon, 15 Jan 2024 09:59:22 -0800 Subject: [PATCH 3/4] fix formatting --- Oqtane.Client/Modules/Admin/Site/Index.razor | 74 ++++++++++---------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/Oqtane.Client/Modules/Admin/Site/Index.razor b/Oqtane.Client/Modules/Admin/Site/Index.razor index 8adbd48b..40b3e40f 100644 --- a/Oqtane.Client/Modules/Admin/Site/Index.razor +++ b/Oqtane.Client/Modules/Admin/Site/Index.razor @@ -812,43 +812,43 @@ } } -private async Task SaveAlias() -{ - if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) - { - if (!string.IsNullOrEmpty(_aliasname)) - { - _aliasname = _aliasname.Replace("http://", "").Replace("https://", ""); - var aliases = await AliasService.GetAliasesAsync(); - var alias = aliases.Where(item => item.Name == _aliasname).FirstOrDefault(); - bool unique = (alias == null || alias.AliasId == _aliasid); - if (unique) - { - if (_aliasid == 0) - { - alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = _aliasname, IsDefault = bool.Parse(_defaultalias) }; - await AliasService.AddAliasAsync(alias); - } - else - { - alias = _aliases.Single(item => item.AliasId == _aliasid); - alias.Name = _aliasname; - alias.IsDefault = bool.Parse(_defaultalias); - await AliasService.UpdateAliasAsync(alias); - } - } - else // duplicate alias - { - AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); - await ScrollToPageTop(); - } - } - await GetAliases(); - _aliasid = -1; - _aliasname = ""; - StateHasChanged(); - } -} + private async Task SaveAlias() + { + if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) + { + if (!string.IsNullOrEmpty(_aliasname)) + { + _aliasname = _aliasname.Replace("http://", "").Replace("https://", ""); + var aliases = await AliasService.GetAliasesAsync(); + var alias = aliases.Where(item => item.Name == _aliasname).FirstOrDefault(); + bool unique = (alias == null || alias.AliasId == _aliasid); + if (unique) + { + if (_aliasid == 0) + { + alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = _aliasname, IsDefault = bool.Parse(_defaultalias) }; + await AliasService.AddAliasAsync(alias); + } + else + { + alias = _aliases.Single(item => item.AliasId == _aliasid); + alias.Name = _aliasname; + alias.IsDefault = bool.Parse(_defaultalias); + await AliasService.UpdateAliasAsync(alias); + } + } + else // duplicate alias + { + AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); + await ScrollToPageTop(); + } + } + await GetAliases(); + _aliasid = -1; + _aliasname = ""; + StateHasChanged(); + } + } private async Task CancelAlias() { From bfed0ed79179befc96a20bc7a5365bad8ea786db Mon Sep 17 00:00:00 2001 From: Cody Date: Tue, 16 Jan 2024 10:43:24 -0800 Subject: [PATCH 4/4] Refactor SaveAlias method and add URL protocol check Restructured the SaveAlias method for improved readability and added a check to handle cases where the _aliasname contains a URL protocol (e.g., "://"). This ensures proper handling of different URL formats. --- Oqtane.Client/Modules/Admin/Site/Index.razor | 74 ++++++++++++-------- 1 file changed, 43 insertions(+), 31 deletions(-) diff --git a/Oqtane.Client/Modules/Admin/Site/Index.razor b/Oqtane.Client/Modules/Admin/Site/Index.razor index 40b3e40f..01a6bba3 100644 --- a/Oqtane.Client/Modules/Admin/Site/Index.razor +++ b/Oqtane.Client/Modules/Admin/Site/Index.razor @@ -814,40 +814,52 @@ private async Task SaveAlias() { - if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) - { - if (!string.IsNullOrEmpty(_aliasname)) - { - _aliasname = _aliasname.Replace("http://", "").Replace("https://", ""); + if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) + { + if (!string.IsNullOrEmpty(_aliasname)) + { var aliases = await AliasService.GetAliasesAsync(); - var alias = aliases.Where(item => item.Name == _aliasname).FirstOrDefault(); - bool unique = (alias == null || alias.AliasId == _aliasid); - if (unique) - { - if (_aliasid == 0) - { - alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = _aliasname, IsDefault = bool.Parse(_defaultalias) }; - await AliasService.AddAliasAsync(alias); - } - else - { - alias = _aliases.Single(item => item.AliasId == _aliasid); - alias.Name = _aliasname; - alias.IsDefault = bool.Parse(_defaultalias); - await AliasService.UpdateAliasAsync(alias); - } - } - else // duplicate alias - { - AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); + + int protocolIndex = _aliasname.IndexOf("://", StringComparison.OrdinalIgnoreCase); + if (protocolIndex != -1) + { + _aliasname = _aliasname.Substring(protocolIndex + 3); + } + + var alias = aliases.FirstOrDefault(item => item.Name == _aliasname); + + bool unique = (alias == null || alias.AliasId == _aliasid); + + if (unique) + { + if (_aliasid == 0) + { + alias = new Alias { SiteId = PageState.Site.SiteId, TenantId = PageState.Site.TenantId, Name = _aliasname, IsDefault = bool.Parse(_defaultalias) }; + await AliasService.AddAliasAsync(alias); + } + else + { + alias = _aliases.SingleOrDefault(item => item.AliasId == _aliasid); + if (alias != null) + { + alias.Name = _aliasname; + alias.IsDefault = bool.Parse(_defaultalias); + await AliasService.UpdateAliasAsync(alias); + } + } + + await GetAliases(); + _aliasid = -1; + _aliasname = ""; + StateHasChanged(); + } + else // Duplicate alias + { + AddModuleMessage(Localizer["Message.Aliases.Taken"], MessageType.Warning); await ScrollToPageTop(); } - } - await GetAliases(); - _aliasid = -1; - _aliasname = ""; - StateHasChanged(); - } + } + } } private async Task CancelAlias()