[MIRROR] Play Internet Sound sanity checks (#5918)

* Play Internet Sound sanity checks (#36080)

* Play Internet Sound sanity checks

Now checks if the content URL uses http(s) before playing

* HTML is not HTTP: renames regex

* Converted global regexes to procs that return them

* Revert "Converted global regexes to procs that return them"

This reverts commit 2eedbd6982b0c4de943a72c94f92f9d75001c06e.

* Play Internet Sound sanity checks

code/__HELPERS/text.dm

@@ -598,33 +598,29 @@ GLOBAL_LIST_INIT(binary, list("0","1"))
 		return
 
 	//Regular expressions are, as usual, absolute magic
-	var/regex/is_website = new("http|www.|\[a-z0-9_-]+.(com|org|net|mil|edu)+", "i")
-	var/regex/is_email = new("\[a-z0-9_-]+@\[a-z0-9_-]+.\[a-z0-9_-]+", "i")
-	var/regex/alphanumeric = new("\[a-z0-9]+", "i")
-	var/regex/punctuation = new("\[.!?]+", "i")
 	var/regex/all_invalid_symbols = new("\[^ -~]+")
 
 	var/list/accepted = list()
 	for(var/string in proposed)
-		if(findtext(string,is_website) || findtext(string,is_email) || findtext(string,all_invalid_symbols) || !findtext(string,alphanumeric))
+		if(findtext(string,GLOB.is_website) || findtext(string,GLOB.is_email) || findtext(string,all_invalid_symbols) || !findtext(string,GLOB.is_alphanumeric))
 			continue
 		var/buffer = ""
 		var/early_culling = TRUE
 		for(var/pos = 1, pos <= lentext(string), pos++)
 			var/let = copytext(string, pos, (pos + 1) % lentext(string))
-			if(early_culling && !findtext(let,alphanumeric))
+			if(early_culling && !findtext(let,GLOB.is_alphanumeric))
 				continue
 			early_culling = FALSE
 			buffer += let
-		if(!findtext(buffer,alphanumeric))
+		if(!findtext(buffer,GLOB.is_alphanumeric))
 			continue
 		var/punctbuffer = ""
 		var/cutoff = lentext(buffer)
 		for(var/pos = lentext(buffer), pos >= 0, pos--)
 			var/let = copytext(buffer, pos, (pos + 1) % lentext(buffer))
-			if(findtext(let,alphanumeric))
+			if(findtext(let,GLOB.is_alphanumeric))
 				break
-			if(findtext(let,punctuation))
+			if(findtext(let,GLOB.is_punctuation))
 				punctbuffer = let + punctbuffer //Note this isn't the same thing as using +=
 				cutoff = pos
 		if(punctbuffer) //We clip down excessive punctuation to get the letter count lower and reduce repeats. It's not perfect but it helps.
@@ -652,7 +648,7 @@ GLOBAL_LIST_INIT(binary, list("0","1"))
 				else
 					punctbuffer = "" //Grammer nazis be damned
 			buffer = copytext(buffer, 1, cutoff) + punctbuffer
-		if(!findtext(buffer,alphanumeric))
+		if(!findtext(buffer,GLOB.is_alphanumeric))
 			continue
 		if(!buffer || lentext(buffer) > 280 || lentext(buffer) <= cullshort || buffer in accepted)
 			continue

code/_globalvars/regexes.dm

@@ -0,0 +1,7 @@
+//These are a bunch of regex datums for use /((any|every|no|some|head|foot)where(wolf)?\sand\s)+(\.[\.\s]+\s?where\?)?/i
+GLOBAL_DATUM_INIT(is_http_protocol, /regex, regex("^https?://"))
+
+GLOBAL_DATUM_INIT(is_website, /regex, regex("http|www.|\[a-z0-9_-]+.(com|org|net|mil|edu)+", "i"))
+GLOBAL_DATUM_INIT(is_email, /regex, regex("\[a-z0-9_-]+@\[a-z0-9_-]+.\[a-z0-9_-]+", "i"))
+GLOBAL_DATUM_INIT(is_alphanumeric, /regex, regex("\[a-z0-9]+", "i"))
+GLOBAL_DATUM_INIT(is_punctuation, /regex, regex("\[.!?]+", "i"))

code/modules/admin/verbs/playsound.dm

@@ -74,8 +74,7 @@
 		if(length(web_sound_input))
 
 			web_sound_input = trim(web_sound_input)
-			var/static/regex/html_protocol_regex = regex("https?://")
-			if(findtext(web_sound_input, ":") && !findtext(web_sound_input, html_protocol_regex))
+			if(findtext(web_sound_input, ":") && !findtext(web_sound_input, GLOB.is_http_protocol))
 				to_chat(src, "<span class='boldwarning'>Non-http(s) URIs are not allowed.</span>")
 				to_chat(src, "<span class='warning'>For youtube-dl shortcuts like ytsearch: please use the appropriate full url from the website.</span>")
 				return
@@ -124,6 +123,9 @@
 			web_sound_url = " "
 
 		if(web_sound_url)
+			if(web_sound_url != " " && !findtext(web_sound_url, GLOB.is_http_protocol))
+				to_chat(src, "<span class='boldwarning'>BLOCKED: Content URL not using http(s) protocol</span>")
+				to_chat(src, "<span class='warning'>The media provider returned a content URL that isn't using the HTTP or HTTPS protocol</span>")
 			for(var/m in GLOB.player_list)
 				var/mob/M = m
 				var/client/C = M.client

code/modules/goonchat/browserOutput.dm

@@ -125,6 +125,8 @@ GLOBAL_DATUM_INIT(iconCache, /savefile, new("data/iconCache.sav")) //Cache of ic
 	C << output("[data]", "[window]:ehjaxCallback")
 
 /datum/chatOutput/proc/sendMusic(music, pitch)
+	if(!findtext(music, GLOB.is_http_protocol))
+		return
 	var/list/music_data = list("adminMusic" = url_encode(url_encode(music)))
 	if(pitch)
 		music_data["musicRate"] = pitch

tgstation.dme

@@ -134,6 +134,7 @@
 #include "code\_globalvars\genetics.dm"
 #include "code\_globalvars\logging.dm"
 #include "code\_globalvars\misc.dm"
+#include "code\_globalvars\regexes.dm"
 #include "code\_globalvars\lists\flavor_misc.dm"
 #include "code\_globalvars\lists\maintenance_loot.dm"
 #include "code\_globalvars\lists\mapping.dm"