indywidualny / FaceSlim

Web App for Facebook. Lightweight, ad-free, chat support and modern look.
http://indywidualni.org
GNU General Public License v2.0

URL aren't clean enough #391

Open p1gp1g opened 5 years ago

p1gp1g commented 5 years ago

When clicking on a shared link, the parameter 'fbclid' isn't sanitized, for example. Adding these lines to cleanUrl in app/src/main/java/org/indywidualni/fblite/util/Miscellany.java should work:

.replaceAll("&fbclid=.*", "").replaceAll("\\?fbclid=.*", "")
.replaceAll("&ref=.*", "").replaceAll("\\?ref=.*", "")
.replaceAll("&ref_type=.*", "").replaceAll("\\?ref_type=.*", "");

The function will be:

private static String cleanUrl(String url) {
        // replaceAll() takes a regex, so a literal '?' has to be escaped as "\\?"
        return url.replace("http://lm.facebook.com/l.php?u=", "")
                .replace("https://lm.facebook.com/l.php?u=", "")
                .replace("http://m.facebook.com/l.php?u=", "")
                .replace("https://m.facebook.com/l.php?u=", "")
                .replace("http://0.facebook.com/l.php?u=", "")
                .replace("https://0.facebook.com/l.php?u=", "")
                .replaceAll("&h=.*", "").replaceAll("\\?acontext=.*", "")
                .replaceAll("&fbclid=.*", "").replaceAll("\\?fbclid=.*", "")
                .replaceAll("&ref=.*", "").replaceAll("\\?ref=.*", "")
                .replaceAll("&ref_type=.*", "").replaceAll("\\?ref_type=.*", "");
}

I don't have a dev environment to test it.

p1gp1g commented 5 years ago

Maybe you will have to change cleanAndDecodeUrl to:

    public static String cleanAndDecodeUrl(String url) {
        return cleanUrl(decodeUrl(url));
    }
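
The `.*` patterns proposed in this thread cut the URL at the first tracking parameter, so any legitimate parameter or fragment that follows it is lost as well. The sketch below is an added example, not FaceSlim's code: it unwraps the `l.php` redirect and then drops the same parameters by exact name. The class name `TrackingParamStripper`, the `example.org` URLs and the use of Java 10+ (`URLDecoder.decode(String, Charset)`) are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;

public class TrackingParamStripper {
    // Names from the issue thread; matched exactly, never as a prefix.
    private static final Set<String> TRACKING =
            new HashSet<>(Arrays.asList("fbclid", "ref", "ref_type", "acontext"));
    // Same redirect hosts that cleanUrl strips with replace().
    private static final Pattern WRAPPER =
            Pattern.compile("^https?://(lm|m|0)\\.facebook\\.com/l\\.php\\?");

    static String clean(String url) {
        // 1. Unwrap the redirect: keep only the decoded value of u=, dropping h= etc.
        if (WRAPPER.matcher(url).find()) {
            for (String pair : url.substring(url.indexOf('?') + 1).split("&")) {
                if (pair.startsWith("u=")) {
                    url = URLDecoder.decode(pair.substring(2), StandardCharsets.UTF_8);
                    break;
                }
            }
        }
        // 2. Set the fragment aside so it is neither parsed as a parameter nor lost.
        int hash = url.indexOf('#');
        String fragment = hash < 0 ? "" : url.substring(hash);
        if (hash >= 0) url = url.substring(0, hash);
        int q = url.indexOf('?');
        if (q < 0) return url + fragment;
        // 3. Keep every parameter whose name is not in the tracking set.
        List<String> kept = new ArrayList<>();
        for (String pair : url.substring(q + 1).split("&")) {
            if (!pair.isEmpty() && !TRACKING.contains(pair.split("=", 2)[0])) kept.add(pair);
        }
        String base = url.substring(0, q);
        return (kept.isEmpty() ? base : base + "?" + String.join("&", kept)) + fragment;
    }

    public static void main(String[] args) {
        // Constructed sample URLs (example.org is a placeholder target).
        String wrapped = "https://lm.facebook.com/l.php?u=https%3A%2F%2Fexample.org"
                + "%2Fpost%3Fid%3D7%26fbclid%3DAbC123%26page%3D2%23top&h=XYZ";
        System.out.println(clean(wrapped));
        System.out.println(clean("https://example.org/a?ref=feed&refresh=1"));
        System.out.println(clean("https://example.org/a?fbclid=AbC123"));
    }
}
```

In the first sample `page=2` and `#top` survive the removal of `fbclid`; in the second, `refresh=1` is kept because only the exact name `ref` is filtered.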