2

Manual proxy configuration does not reject URLs entered (as hostnames)

 7 months ago
source link: https://bugzilla.mozilla.org/show_bug.cgi?id=328707
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client
Closed Bug 328707 Opened 18 years ago Closed 26 days ago

Manual proxy configuration does not reject URLs entered (as hostnames)

Categories

(Firefox :: Settings UI, enhancement)

Tracking

(bug RESOLVED as FIXED)

RESOLVED FIXED

124 Branch

Tracking Status
firefox124 --- fixed

People

(Reporter: mozilla, Assigned: jdeepd.dev, Mentored)

Details

(Keywords: polish)

5775cc094b529e47da36373d2cfd44d7?d=mm&size=64
 Reporter

Description

18 years ago 
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Avalon 6.0.5070; WinFX RunTime 3.0.50727)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1

In trying to set up Firefox, I copied my proxy settings from Internet Explorer.  IE uses this format: http://192.168.1.1.  Firefox uses 192.168.0.1.  No validation is performed - Firefox accepts the erroneous input data and then fails to connect.  This isn't helped by there being no examples of manual proxy configuration in the Help documentation or on the website.  Come on guys, if you want to get people to switch from IE, either do things the same way or make it obvious you're doing it differently.

Reproducible: Always

Steps to Reproduce:
1. Open Options
2. Click on Connection Settings
3. Enter http://<your-proxy-ip-address
4. Try to access an Internet web site.

Actual Results:  
You get the Firefox Try Again page.

Expected Results:  
Displayed a page from the web site.
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 06/27
Version: unspecified → 1.5.0.x Branch
this is still valid on branch and trunk, there is no check on text entered into proxy address configuration, and there is no example of what should be put there.

A check could be done to ensure that proxy address textbox content is at least a valid ip
URL: Any
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: polish
Whiteboard: CLOSEME 06/27
Version: 1.5.0.x Branch → Trunk
Which version of IE? Can you provide a screen snapshot?

Meanwhile, I'm trying to fix the online/help docs, so the usage is clearer.
Summary: Manual proxy configuration entries are not checked for format → Manual proxy configuration does not reject URLs entered as hostnames)
Summary: Manual proxy configuration does not reject URLs entered as hostnames) → Manual proxy configuration does not reject URLs entered (as hostnames)
Severity: normal → S3

This shouldn't be hard to fix. A simple regex match for valid IP address/Hostname should do the job. Firefox already handles the scenario when the specified port is 0.

// mozilla-unified/browser/components/preferences/dialogs/connection.js
var gConnectionsDialog = {
  beforeAccept(event) {
    ...
    // If the proxy server(when specified) is invalid or the port is set to 0 then cancel submission.
    for (let prefName of ["http", "ssl", "socks"]) {
      let proxyPortPref = Preferences.get(
        "network.proxy." + prefName + "_port"
      );
      let proxyPref = Preferences.get("network.proxy." + prefName);
      // Only worry about ports which are currently active. If the share option is on, then ignore
      // all ports except the HTTP and SOCKS port
      if (
        proxyPref.value != "" &&
        proxyPortPref.value == 0 &&
        (prefName == "http" || prefName == "socks" || !shareProxiesPref.value)
      ) {
        document
          .getElementById("networkProxy" + prefName.toUpperCase() + "_Port")
          .focus();
        event.preventDefault();
        return;
      }
     // check if the specified Hostname/IP Address is valid.
      const validIPandHostNameRegex = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)+([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$/;
      if (
        proxyPref.value != "" &&
        !validIPandHostNameRegex.test(proxyPref.value) &&
        (prefName == "http" || prefName == "socks" || !shareProxiesPref.value)
      ) {
        document
          .getElementById("networkProxy" + prefName.toUpperCase())
          .focus();
        event.preventDefault();
        return;
      }
    }

 ...
  },

(In reply to Jaydeep Das from comment #5)

This shouldn't be hard to fix. A simple regex match for valid IP address/Hostname should do the job. Firefox already handles the scenario when the specified port is 0.

// mozilla-unified/browser/components/preferences/dialogs/connection.js
var gConnectionsDialog = {
  beforeAccept(event) {
    ...
    // If the proxy server(when specified) is invalid or the port is set to 0 then cancel submission.
    for (let prefName of ["http", "ssl", "socks"]) {
      let proxyPortPref = Preferences.get(
        "network.proxy." + prefName + "_port"
      );
      let proxyPref = Preferences.get("network.proxy." + prefName);
      // Only worry about ports which are currently active. If the share option is on, then ignore
      // all ports except the HTTP and SOCKS port
      if (
        proxyPref.value != "" &&
        proxyPortPref.value == 0 &&
        (prefName == "http" || prefName == "socks" || !shareProxiesPref.value)
      ) {
        document
          .getElementById("networkProxy" + prefName.toUpperCase() + "_Port")
          .focus();
        event.preventDefault();
        return;
      }
     // check if the specified Hostname/IP Address is valid.
      const validIPandHostNameRegex = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)+([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$/;
      if (
        proxyPref.value != "" &&
        !validIPandHostNameRegex.test(proxyPref.value) &&
        (prefName == "http" || prefName == "socks" || !shareProxiesPref.value)
      ) {
        document
          .getElementById("networkProxy" + prefName.toUpperCase())
          .focus();
        event.preventDefault();
        return;
      }
    }

 ...
  },

Request for Comments

Assignee: nobody → jdeepd.dev
Status: NEW → ASSIGNED

Thanks, Jaydeep! The patch looks good, and I've queued it for autolanding.

Great work! Are you interested in more work in about:preferences? Bug 1844935, for example, might be interesting?

Flags: needinfo?(jdeepd.dev)

Thanks Mike. Yes I would be interested in working in more bug fixes. It was a great learning experience. I will take a look on that bug.

Flags: needinfo?(jdeepd.dev)
Status: ASSIGNED → RESOLVED
Closed: 26 days ago
Resolution: --- → FIXED
Target Milestone: --- → 124 Branch
You need to log in before you can comment on or make changes to this bug.

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK