jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix invalid artist URLs being allowed

Browse Source 
The problem was that the Addressable parser does not catch all invalid
URL cases, so some extra checks were added in.

- hostname must contain a dot

This accounts for URLs of the following type:

http://http://something.com

which has a hostname of http.

The artist URL tests were also updated with cases which test all validation
errors.
This commit is contained in:
BrokenEagle
2020-05-29 22:33:46 +00:00
parent 364343453c
commit c21af0c853
2 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/models/artist_url.rb
View File

@@ -120,9 +120,18 @@ class ArtistUrl < ApplicationRecord
end
end
def validate_scheme(uri)
errors[:url] << "'#{uri}' must begin with http:// or https:// " unless uri.scheme.in?(%w[http https])
end
def validate_hostname(uri)
errors[:url] << "'#{uri}' has a hostname '#{uri.host}' that does not contain a dot" unless uri.host&.include?('.')
end
def validate_url_format
uri = Addressable::URI.parse(url)
errors[:url] << "'#{uri}' must begin with http:// or https:// " if !uri.scheme.in?(%w[http https])
validate_scheme(uri)
validate_hostname(uri)
rescue Addressable::URI::InvalidURIError => error
errors[:url] << "'#{uri}' is malformed: #{error}"
end