Validate server input

- Allow only scheme, host and port in the server field. - Use proper default host and port in Elasticsearch and ClickHouse driver.
2025-09-03 03:13:00 +02:00 · 2024-01-19 00:29:25 +01:00
parent 5cfd48bb68
commit 1c5947de50
3 changed files with 74 additions and 12 deletions
--- a/plugins/drivers/clickhouse.php
+++ b/plugins/drivers/clickhouse.php
@@ -55,9 +55,15 @@ if (isset($_GET["clickhouse"])) {
 			return $this->rootQuery($this->_db, $query);
 		}

+		/**
+		 * @param string $server
+		 * @param string $username
+		 * @param string $password
+		 * @return bool
+		 */
 		function connect($server, $username, $password) {
-			preg_match('~^(https?://)?(.*)~', $server, $match);
-			$this->_url = ($match[1] ? $match[1] : "http://") . "$username:$password@$match[2]";
+			$this->_url = build_http_url($server, $username, $password, "localhost", 8123);
+
 			$return = $this->query('SELECT 1');
 			return (bool) $return;
 		}