aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Accounts
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2021-03-23 14:52:04 +0100
committerJoas Schilling <coding@schilljs.com>2021-04-22 16:34:13 +0200
commitd80cc76ee7f3f1f347fc54cc300e5e38ba7d6e19 (patch)
treef9e885f7c84ef77d487a95ffe56dc62c845b8005 /lib/private/Accounts
parenta011b7021ef7153acce6978a1c65db0a8c7ec32d (diff)
downloadnextcloud-server-d80cc76ee7f3f1f347fc54cc300e5e38ba7d6e19.tar.gz
nextcloud-server-d80cc76ee7f3f1f347fc54cc300e5e38ba7d6e19.zip
Validate the website field input to be a valid URL
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/private/Accounts')
-rw-r--r--lib/private/Accounts/AccountManager.php30
1 files changed, 30 insertions, 0 deletions
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index ea8f99e0216..eff025e511e 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -121,6 +121,25 @@ class AccountManager implements IAccountManager {
}
/**
+ *
+ * @param string $input
+ * @return string
+ * @throws \InvalidArgumentException When the website did not have http(s) as protocol or the host name was empty
+ */
+ protected function parseWebsite(string $input): string {
+ $parts = parse_url($input);
+ if (!isset($parts['scheme']) || ($parts['scheme'] !== 'https' && $parts['scheme'] !== 'http')) {
+ throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
+ }
+
+ if (!isset($parts['host']) || $parts['host'] === '') {
+ throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
+ }
+
+ return $input;
+ }
+
+ /**
* update user record
*
* @param IUser $user
@@ -155,6 +174,17 @@ class AccountManager implements IAccountManager {
}
}
+ if (isset($data[self::PROPERTY_WEBSITE]) && $data[self::PROPERTY_WEBSITE]['value'] !== '') {
+ try {
+ $data[self::PROPERTY_WEBSITE]['value'] = $this->parseWebsite($data[self::PROPERTY_WEBSITE]['value']);
+ } catch (\InvalidArgumentException $e) {
+ if ($throwOnData) {
+ throw $e;
+ }
+ $data[self::PROPERTY_WEBSITE]['value'] = '';
+ }
+ }
+
$allowedScopes = [
self::SCOPE_PRIVATE,
self::SCOPE_LOCAL,