summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/lib/acctfuncs.inc.php4
-rw-r--r--web/lib/aur.inc.php20
2 files changed, 24 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index bdcaaa82..b8d9dc54 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -162,6 +162,10 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$H="",$P="",$C=""
$error = __("The email address is invalid.");
}
+ if (!$error && !valid_homepage($HP)) {
+ $error = __("The home page is invalid, please specify the full HTTP(s) URL.");
+ }
+
if (!$error && $K != '' && !valid_pgp_fingerprint($K)) {
$error = __("The PGP key fingerprint is invalid.");
}
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 6cd04515..feb4006b 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -151,6 +151,26 @@ function valid_email($addy) {
}
/**
+ * Verify that a given URL is valid and uses the HTTP(s) protocol
+ *
+ * @param string $url URL of the home page to be validated
+ *
+ * @return bool True if URL passes validity checks, false otherwise
+ */
+function valid_homepage($url) {
+ if (filter_var($url, FILTER_VALIDATE_URL) === false) {
+ return false;
+ }
+
+ $url_components = parse_url($url);
+ if (!in_array($url_components['scheme'], array('http', 'https'))) {
+ return false;
+ }
+
+ return true;
+}
+
+/**
* Generate a unique session ID
*
* @return string MD5 hash of the concatenated user IP, random number, and current time