From 0fc4136851f9d01f3820b6bf352d1f53f59692bb Mon Sep 17 00:00:00 2001 From: brettflorio Date: Mon, 14 Feb 2022 11:48:36 -0800 Subject: [PATCH] fix unescaped ? and incorrectly escaped backreferences Refs #2 --- src/Signer.ts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Signer.ts b/src/Signer.ts index 17c4e55..004405c 100644 --- a/src/Signer.ts +++ b/src/Signer.ts @@ -122,7 +122,7 @@ export class Signer { let pattern = new RegExp( "[^'\"]*?)" + this.cartPath + - "(.php)??(?.*?)\\1[^>]*?>", + "(.php)?\?(?.*?)\1[^>]*?>", "gi" ); return matchGroups(html, pattern); @@ -130,7 +130,7 @@ export class Signer { private __getFormCodes(form: string): Product[] { const regex = new RegExp( - "<[^>]*?name=(['\"])(?[0-9]{1,3}:)?code\\1[^>]*?>", + "<[^>]*?name=(['\"])(?[0-9]{1,3}:)?code\1[^>]*?>", "ig" ); const codes = matchGroups(form, regex); @@ -178,7 +178,7 @@ export class Signer { const pattern = "(?https?://)(?[^?/]*?)" + this.cartPath + - "(.php)?\\?(?.*)"; + "(.php)?\?(?.*)"; const match = url.match(pattern); if (!match || !match.groups) { return url; @@ -356,7 +356,7 @@ export class Signer { let pattern = new RegExp( "", + "(?![0-9]{1,3})(?.+?)\1[^>]*>(?.*?)", "isg" ); for (let textarea of matchGroups(html, pattern)) { @@ -498,7 +498,7 @@ export class Signer { const regex = new RegExp( `href=(['"])${queryString.domain}${ this.cartPath - }(\.php)?.${queryString.query.replace(/^\?/, "")}\\1` + }(\.php)?.${queryString.query.replace(/^\?/, "")}\1` ); if (signed != url) { html = html.replace(regex, `href="${signed}"`);