validate post URLs on the backend (#990)

* added serverside url validation

* api.post: use if let instead of is_some

also add "invalid_url" to en.json

Co-authored-by: John Doe <dhas8m@protonmail.com>
This commit is contained in:
eiknat 2020-07-17 18:46:59 -04:00 committed by GitHub
parent 77a2a5eb01
commit 03758a4f92
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions

View file

@ -37,6 +37,7 @@ use lemmy_utils::{
}; };
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::str::FromStr; use std::str::FromStr;
use url::Url;
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
pub struct CreatePost { pub struct CreatePost {
@ -162,6 +163,13 @@ impl Perform for Oper<CreatePost> {
return Err(APIError::err("site_ban").into()); return Err(APIError::err("site_ban").into());
} }
if let Some(url) = data.url.as_ref() {
match Url::parse(url) {
Ok(_t) => (),
Err(_e) => return Err(APIError::err("invalid_url").into()),
}
}
// Fetch Iframely and pictrs cached image // Fetch Iframely and pictrs cached image
let (iframely_title, iframely_description, iframely_html, pictrs_thumbnail) = let (iframely_title, iframely_description, iframely_html, pictrs_thumbnail) =
fetch_iframely_and_pictrs_data(&self.client, data.url.to_owned()).await; fetch_iframely_and_pictrs_data(&self.client, data.url.to_owned()).await;

View file

@ -277,5 +277,6 @@
"what_is": "What is", "what_is": "What is",
"cake_day_title": "Cake day:", "cake_day_title": "Cake day:",
"cake_day_info": "It's {{ creator_name }}'s cake day today!", "cake_day_info": "It's {{ creator_name }}'s cake day today!",
"invalid_post_title": "Invalid post title" "invalid_post_title": "Invalid post title",
"invalid_url": "Invalid URL."
} }