smarter URL validation

tomysshadow · tomysshadow · commit cf508554658e · 2023-01-23T00:02:14.000-07:00
diff --git a/FlashpointSecurePlayer/FlashpointSecurePlayerGUI.cs b/FlashpointSecurePlayer/FlashpointSecurePlayerGUI.cs
@@ -525,7 +525,7 @@ private void ActivateMode(TemplateElement templateElement, ErrorDelegate errorDe
                         Uri webBrowserURL = null;
 
                         try {
-                            webBrowserURL = new Uri(AddURLProtocol(URL));
+                            webBrowserURL = new Uri(ValidateURL(URL), UriKind.Absolute);
                         } catch (Exception ex) {
                             LogExceptionToLauncher(ex);
                             errorDelegate(String.Format(Properties.Resources.AddressNotUnderstood, URL));
@@ -1346,7 +1346,7 @@ await ImportActiveX(delegate (string text) {
 
                 if (templateElement.Mode.Name == ModeElement.NAME.SOFTWARE) {
                     try {
-                        Uri requestUri = await DownloadAsync(AddURLProtocol(URL)).ConfigureAwait(true);
+                        Uri requestUri = await DownloadAsync(ValidateURL(URL)).ConfigureAwait(true);
 
                         StringBuilder htdocsFilePath = new StringBuilder(HTDOCS);
 
diff --git a/FlashpointSecurePlayer/Properties/AssemblyInfo.cs b/FlashpointSecurePlayer/Properties/AssemblyInfo.cs
@@ -33,7 +33,7 @@
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("2.1.4.0")]
-[assembly: AssemblyFileVersion("2.1.4.0")]
+[assembly: AssemblyVersion("2.1.5.0")]
+[assembly: AssemblyFileVersion("2.1.5.0")]
 [assembly: NeutralResourcesLanguage("en")]
 
diff --git a/FlashpointSecurePlayer/README.md b/FlashpointSecurePlayer/README.md
@@ -1,4 +1,4 @@
-# Flashpoint Secure Player 2.1.4
+# Flashpoint Secure Player 2.1.5
 This player attempts to solve common compatibility or portability issues posed by browser plugins on Windows for the purpose of playback in BlueMaxima's Flashpoint.
 
 It is compatible with Windows 7, Windows 8, Windows 8.1 and Windows 10, and requires .NET Framework 4.5. If you are on Windows 8.1 or Windows 10, or if you are on Windows 7/8 and have updates enabled, you already have .NET Framework 4.5. Otherwise, you may [download .NET Framework 4.5.](http://www.microsoft.com/en-us/download/details.aspx?id=30653)
diff --git a/FlashpointSecurePlayer/Shared.cs b/FlashpointSecurePlayer/Shared.cs
@@ -186,6 +186,29 @@ public static extern uint GetLongPathName(
             uint cchBuffer
         );
 
+        public const uint INTERNET_MAX_PATH_LENGTH = 2048;
+        public const uint INTERNET_MAX_SCHEME_LENGTH = 32;
+        static readonly uint INTERNET_MAX_URL_LENGTH = INTERNET_MAX_SCHEME_LENGTH + (uint)"://".Length + INTERNET_MAX_PATH_LENGTH;
+
+        [Flags]
+        public enum URL_APPLYFlags : uint {
+            URL_APPLY_DEFAULT = 0x00000001,
+            URL_APPLY_GUESSSCHEME = 0x00000002,
+            URL_APPLY_GUESSFILE = 0x00000004,
+            URL_APPLY_FORCEAPPLY = 0x00000008
+        }
+
+        [DllImport("SHLWAPI.DLL", CharSet = CharSet.Auto, CallingConvention = CallingConvention.Winapi)]
+        public static extern int UrlApplyScheme(
+            [MarshalAs(UnmanagedType.LPTStr)]
+            string pszIn,
+
+            [MarshalAs(UnmanagedType.LPTStr)]
+            StringBuilder pszOut,
+
+            ref uint pcchOut,
+            URL_APPLYFlags dwFlags);
+
         public enum OS : uint {
             OS_WINDOWS = 0,
             OS_NT = 1,
@@ -1958,6 +1981,55 @@ public string this[string shortPath] {
             public static PathNamesLong Long { get; } = new PathNamesLong();
         }
 
+        private const string URI_SCHEME_HTTP = "http";
+        private const string URI_SCHEME_HTTPS = "https";
+        private const string URI_SCHEME_FTP = "ftp";
+
+        public static string ValidateURL(string url) {
+            // first try a guessed scheme
+            // (for example, guess HTTP for www subdomain, FTP for ftp subdomain...)
+            StringBuilder validatedURL = new StringBuilder((int)INTERNET_MAX_URL_LENGTH);
+            uint validatedURLCapacity = (uint)validatedURL.Capacity;
+
+            int err = UrlApplyScheme(url, validatedURL, ref validatedURLCapacity, URL_APPLYFlags.URL_APPLY_GUESSSCHEME);
+
+            if (err == S_OK
+                && validatedURLCapacity < validatedURL.Capacity) {
+                url = validatedURL.ToString();
+            } else {
+                // second try the default scheme
+                // we only do this to see if it returns S_FALSE
+                // if so, we know there is already a scheme and don't add our own
+                // we do not use the validated URL given by UrlApplyScheme here
+                validatedURL.Clear();
+                validatedURLCapacity = (uint)validatedURL.Capacity;
+
+                err = UrlApplyScheme(url, validatedURL, ref validatedURLCapacity, URL_APPLYFlags.URL_APPLY_DEFAULT);
+
+                // workaround: we always want to use HTTP, regardless of the default
+                // (in case the default is HTTPS)
+                if (err != S_FALSE) {
+                    // skip leading slashes for protocol-less URLs
+                    if (url.StartsWith("//", StringComparison.Ordinal)) {
+                        url = url.Substring(2);
+                    }
+
+                    url = URI_SCHEME_HTTP + "://" + url;
+                }
+            }
+            return url;
+        }
+
+        public static bool TestInternetURI(Uri uri) {
+            if (uri.IsFile) {
+                return false;
+            }
+
+            // the URI Scheme is always lowercase
+            string scheme = uri.Scheme;
+            return scheme == URI_SCHEME_HTTP || scheme == URI_SCHEME_HTTPS || scheme == URI_SCHEME_FTP;
+        }
+
         public static string GetWindowsVersionName(bool edition, bool servicePack, bool architecture) {
             OperatingSystem operatingSystem = Environment.OSVersion;
             string versionName = "Windows ";
@@ -2573,50 +2645,6 @@ public static Process StartProcessCreateBreakawayFromJob(ProcessStartInfo proces
             }
         }
 
-        private static int GetURLProtocolLength(string url) {
-            Uri uri;
-
-            try {
-                uri = new Uri(url);
-            } catch {
-                return 0;
-            }
-
-            if (String.IsNullOrEmpty(uri.Scheme)) {
-                return 0;
-            }
-            return (uri.Scheme + "://").Length;
-        }
-
-        public static bool HasURLProtocol(string url) {
-            return GetURLProtocolLength(url) > 0;
-        }
-
-        public static string AddURLProtocol(string url) {
-            if (GetURLProtocolLength(url) == 0) {
-                return "http://" + url;
-            }
-            return url;
-        }
-
-        public static string RemoveURLProtocol(string url) {
-            return url.Substring(GetURLProtocolLength(url));
-        }
-
-        public static bool TestInternetURI(Uri uri) {
-            if (uri.IsFile) {
-                return false;
-            }
-
-            const string SCHEME_HTTP = "http";
-            const string SCHEME_HTTPS = "https";
-            const string SCHEME_FTP = "ftp";
-
-            // the URI Scheme is always lowercase
-            string scheme = uri.Scheme;
-            return scheme == SCHEME_HTTP || scheme == SCHEME_HTTPS || scheme == SCHEME_FTP;
-        }
-
         public static BINARY_TYPE GetLibraryBinaryType(string libFileName) {
             IntPtr moduleHandle = IntPtr.Zero;
 
diff --git a/FlashpointSecurePlayer/WebBrowserMode.cs b/FlashpointSecurePlayer/WebBrowserMode.cs
@@ -1,10 +1,13 @@
-﻿using System;
+﻿using SHDocVw;
+
+using System;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Data;
 using System.Drawing;
 using System.IO;
 using System.Linq;
+using System.Media;
 using System.Runtime.InteropServices;
 using System.Security.Permissions;
 using System.Text;
@@ -13,8 +16,6 @@
 using static FlashpointSecurePlayer.Shared;
 using static FlashpointSecurePlayer.Shared.Exceptions;
 
-using SHDocVw;
-
 namespace FlashpointSecurePlayer {
     public partial class WebBrowserMode : Form {
         private readonly HookProc lowLevelMouseProc;
@@ -380,6 +381,22 @@ public WebBrowserMode(Uri webBrowserURL, bool useFlashActiveXControl = false) {
             statusBarStatusStrip.Renderer = new EndEllipsisTextRenderer();
         }
 
+        private bool addressToolStripSpringTextBoxEntered = false;
+
+        public void AddressInvalid() {
+            // focus the address again, if the user clicked the go button
+            SystemSounds.Beep.Play();
+
+            addressToolStripSpringTextBox.Focus();
+            addressToolStripSpringTextBox.SelectionStart = addressToolStripSpringTextBox.TextLength;
+            addressToolStripSpringTextBoxEntered = false;
+        }
+
+        public void AddressValid() {
+            // unfocus the address before navigation
+            ActiveControl = null;
+        }
+
         public void BrowserBack() {
             if (closableWebBrowser == null) {
                 return;
@@ -434,17 +451,20 @@ public void BrowserGo(string url) {
             }
 
             if (String.IsNullOrEmpty(url)) {
+                AddressInvalid();
                 return;
             }
 
             Uri webBrowserURL;
 
             try {
-                webBrowserURL = new Uri(AddURLProtocol(url));
+                webBrowserURL = new Uri(ValidateURL(url), UriKind.Absolute);
             } catch {
+                AddressInvalid();
                 return;
             }
 
+            AddressValid();
             closableWebBrowser.Navigate(webBrowserURL);
         }
 
@@ -889,15 +909,15 @@ private void printButton_Click(object sender, EventArgs e) {
             BrowserPrint();
         }
 
-        private bool addressToolStripSpringTextBoxEntered = false;
-
         private void addressToolStripSpringTextBox_Click(object sender, EventArgs e) {
-            if (addressToolStripSpringTextBoxEntered) {
-                addressToolStripSpringTextBoxEntered = false;
+            if (!addressToolStripSpringTextBoxEntered) {
+                return;
+            }
 
-                if (String.IsNullOrEmpty(addressToolStripSpringTextBox.SelectedText)) {
-                    addressToolStripSpringTextBox.SelectAll();
-                }
+            addressToolStripSpringTextBoxEntered = false;
+
+            if (String.IsNullOrEmpty(addressToolStripSpringTextBox.SelectedText)) {
+                addressToolStripSpringTextBox.SelectAll();
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Flashpoint Secure Player 2.1.4`
	`1`	`+# Flashpoint Secure Player 2.1.5`
`2`	`2`	`This player attempts to solve common compatibility or portability issues posed by browser plugins on Windows for the purpose of playback in BlueMaxima's Flashpoint.`
`3`	`3`
`4`	`4`	`It is compatible with Windows 7, Windows 8, Windows 8.1 and Windows 10, and requires .NET Framework 4.5. If you are on Windows 8.1 or Windows 10, or if you are on Windows 7/8 and have updates enabled, you already have .NET Framework 4.5. Otherwise, you may [download .NET Framework 4.5.](http://www.microsoft.com/en-us/download/details.aspx?id=30653)`