Only allow valid HTTP(s) URLs as home page

The home page specified in the account settings is converted to a clickable link on the user's profile. Make sure it is a valid URL which uses the http or https scheme. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
author: Lukas Fleischer <lfleischer@archlinux.org> 2017-11-05 08:48:25 +0100
committer: Lukas Fleischer <lfleischer@archlinux.org> 2017-11-05 08:55:24 +0100
commit: 4efba18f8688431fae58ae1b826b80f95957aec8 (patch)
tree: ec3d330eaec591c08fa0431c81b93c99ed357128 /web/lib/acctfuncs.inc.php
parent: c859e371b0b94bb7ac2db7f7dfaf742a4a1fc6d9 (diff)
download: aur-4efba18f8688431fae58ae1b826b80f95957aec8.tar.gz
aur-4efba18f8688431fae58ae1b826b80f95957aec8.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index bdcaaa82..b8d9dc54 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -162,6 +162,10 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C=""
 		$error = __("The email address is invalid.");
 	}
 
+	if (!$error && !valid_homepage($HP)) {
+		$error = __("The home page is invalid, please specify the full HTTP(s) URL.");
+	}
+
 	if (!$error && $K != '' && !valid_pgp_fingerprint($K)) {
 		$error = __("The PGP key fingerprint is invalid.");
 	}
author	Lukas Fleischer <lfleischer@archlinux.org>	2017-11-05 08:48:25 +0100
committer	Lukas Fleischer <lfleischer@archlinux.org>	2017-11-05 08:55:24 +0100
commit	4efba18f8688431fae58ae1b826b80f95957aec8 (patch)
tree	ec3d330eaec591c08fa0431c81b93c99ed357128 /web/lib/acctfuncs.inc.php
parent	c859e371b0b94bb7ac2db7f7dfaf742a4a1fc6d9 (diff)
download	aur-4efba18f8688431fae58ae1b826b80f95957aec8.tar.gz aur-4efba18f8688431fae58ae1b826b80f95957aec8.tar.xz