From 03758a4f9232da8ceee849df57e17c4a8664cdfd Mon Sep 17 00:00:00 2001
From: eiknat <68170752+eiknat@users.noreply.github.com>
Date: Fri, 17 Jul 2020 18:46:59 -0400
Subject: [PATCH] validate post URLs on the backend (#990)

* added serverside url validation
* api.post: use if let instead of is_some also add "invalid_url" to en.json

Co-authored-by: John Doe
---
 server/src/api/post.rs | 8 ++++++++
 ui/translations/en.json | 3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/server/src/api/post.rs b/server/src/api/post.rs
index b9518f0e..61f3513b 100644
--- a/server/src/api/post.rs
+++ b/server/src/api/post.rs
@@ -37,6 +37,7 @@ use lemmy_utils::{
 };
 use serde::{Deserialize, Serialize};
 use std::str::FromStr;
+use url::Url;
 
 #[derive(Serialize, Deserialize, Debug)]
 pub struct CreatePost {
@@ -162,6 +163,13 @@ impl Perform for Oper {
 return Err(APIError::err("site_ban").into());
 }
 
+ if let Some(url) = data.url.as_ref() {
+ match Url::parse(url) {
+ Ok(_t) => (),
+ Err(_e) => return Err(APIError::err("invalid_url").into()),
+ }
+ }
+
 // Fetch Iframely and pictrs cached image
 let (iframely_title, iframely_description, iframely_html, pictrs_thumbnail) =
 fetch_iframely_and_pictrs_data(&self.client, data.url.to_owned()).await;
diff --git a/ui/translations/en.json b/ui/translations/en.json
index 6e111c63..e9d768f2 100644
--- a/ui/translations/en.json
+++ b/ui/translations/en.json
@@ -277,5 +277,6 @@
 "what_is": "What is",
 "cake_day_title": "Cake day:",
 "cake_day_info": "It's {{ creator_name }}'s cake day today!",
- "invalid_post_title": "Invalid post title"
+ "invalid_post_title": "Invalid post title",
+ "invalid_url": "Invalid URL."
 }
--
2.44.1
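Review bot: The added `match Url::parse(url)` in the second post.rs hunk only checks that the string parses as a URL, so any scheme (`javascript:`, `file:`, `data:`) and any host still passes, and the next context line hands `data.url` to `fetch_iframely_and_pictrs_data`, which by its name and the `&self.client` argument appears to fetch it server-side. Restricting the accepted schemes at this point would close that gap: `Ok(u) if matches!(u.scheme(), "http" | "https") => (),` followed by `_ => return Err(APIError::err("invalid_url").into()),`. Whether loopback or internal hosts also need to be refused depends on how the fetch helper reaches the network, which is not visible here. The diffstat's 8 added lines in post.rs are all accounted for by the import and this one site, so if the edit handler also accepts `url` it presumably still lacks the check. The enclosing function starts and ends outside the hunk.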