Commit 4efba18f authored by Lukas Fleischer's avatar Lukas Fleischer

Only allow valid HTTP(s) URLs as home page



The home page specified in the account settings is converted to a
clickable link on the user's profile. Make sure it is a valid URL which
uses the http or https scheme.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
parent c859e371
......@@ -162,6 +162,10 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C=""
$error = __("The email address is invalid.");
}
if (!$error && !valid_homepage($HP)) {
$error = __("The home page is invalid, please specify the full HTTP(s) URL.");
}
if (!$error && $K != '' && !valid_pgp_fingerprint($K)) {
$error = __("The PGP key fingerprint is invalid.");
}
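Review bot: The new `valid_homepage($HP)` check runs even when no home page was entered, unlike the PGP check directly below it, which is skipped when `$K` is empty. An empty string fails `FILTER_VALIDATE_URL`, so if the home page field is meant to be optional, every account form submitted without one would now be rejected with this error. Guarding it the same way keeps the field optional: `if (!$error && $HP != '' && !valid_homepage($HP)) {`. The body of process_account_form starts and ends outside the hunk, so whether `$HP` is normalised earlier is not visible here.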
......
......@@ -150,6 +150,26 @@ function valid_email($addy) {
return true;
}
/**
* Verify that a given URL is valid and uses the HTTP(s) protocol
*
* @param string $url URL of the home page to be validated
*
* @return bool True if URL passes validity checks, false otherwise
*/
function valid_homepage($url) {
if (filter_var($url, FILTER_VALIDATE_URL) === false) {
return false;
}
$url_components = parse_url($url);
if (!in_array($url_components['scheme'], array('http', 'https'))) {
return false;
}
return true;
}
/**
* Generate a unique session ID
*
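Review bot: The scheme check in `valid_homepage()` is case-sensitive and non-strict: `parse_url()` returns the scheme as typed, so a URL written as `HTTPS://example.org` should pass `FILTER_VALIDATE_URL` but then be rejected by `in_array`, which is also missing its third `strict` argument. I would write `if (!in_array(strtolower($url_components['scheme']), array('http', 'https'), true)) {`. The docblock could also say that this function only restricts the scheme, which is what keeps `javascript:`-style links off the profile page. `FILTER_VALIDATE_URL` does not make the value safe to print, so the profile template still has to pass it through `htmlspecialchars()` when building the `href`; that code is not part of this diff.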
......