From acd00406634d7450ab44986ed0ebdeca29bb2dfd Mon Sep 17 00:00:00 2001 From: Pupchansky Date: Fri, 11 Oct 2024 07:23:29 +0500 Subject: [PATCH] =?UTF-8?q?=D0=BF=D0=BE=D1=87=D0=B8=D0=BD=D0=B8=D0=BB=20?= =?UTF-8?q?=D0=BF=D0=BE=D0=BB=D0=B8(=D1=82=D0=BE=D1=87=D0=BD=D0=BE)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Administration/ServerApi.Utility.cs | 23 +++++++++++++++---- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/Content.Server/Administration/ServerApi.Utility.cs b/Content.Server/Administration/ServerApi.Utility.cs index 538e2ce327..5ab96772fa 100644 --- a/Content.Server/Administration/ServerApi.Utility.cs +++ b/Content.Server/Administration/ServerApi.Utility.cs @@ -3,6 +3,7 @@ using System.Net; using System.Net.Http; using System.Text.RegularExpressions; using System.Threading.Tasks; +using Microsoft.CodeAnalysis.Differencing; using Robust.Server.ServerStatus; namespace Content.Server.Administration; @@ -64,7 +65,7 @@ public sealed partial class ServerApi { var absolute_path = context.Url.AbsolutePath; - if (context.RequestMethod != method || !CheckPathes(absolute_path)) + if (context.RequestMethod != method || !CheckPathes(absolute_path, exactPath)) return false; if (!await CheckAccess(context)) @@ -79,14 +80,26 @@ public sealed partial class ServerApi }); } - private static bool CheckPathes(string realPath) + private static bool CheckPathes(string realPath, string predictedPath) { var search_regex = ParametrSearchRegex(); - if (search_regex.IsMatch(realPath)) - return true; + var is_match = search_regex.Matches(predictedPath) + .ToList() + .TrueForAll(match => + { + if (!match.Success) + return false; - return false; + var to_replace = match.Groups[1].Value; + + var inner_regex = new Regex(predictedPath.Replace(to_replace, "(.*)")); + var inner_match = inner_regex.Match(realPath); + + return inner_match.Success; + }); + + return is_match; } private static Dictionary GetMapArguments(string realPath, string predictedPath)