diff options
Diffstat (limited to 'model')
| -rw-r--r-- | model/outgoing_webhook.go | 6 | ||||
| -rw-r--r-- | model/outgoing_webhook_test.go | 5 | ||||
| -rw-r--r-- | model/team.go | 1 | ||||
| -rw-r--r-- | model/utils.go | 13 |
4 files changed, 24 insertions, 1 deletions
diff --git a/model/outgoing_webhook.go b/model/outgoing_webhook.go index 8958dd5b0..9a1b89a85 100644 --- a/model/outgoing_webhook.go +++ b/model/outgoing_webhook.go @@ -100,6 +100,12 @@ func (o *OutgoingWebhook) IsValid() *AppError { return NewAppError("OutgoingWebhook.IsValid", "Invalid callback urls", "") } + for _, callback := range o.CallbackURLs { + if !IsValidHttpUrl(callback) { + return NewAppError("OutgoingWebhook.IsValid", "Invalid callback URLs. Each must be a valid URL and start with http:// or https://", "") + } + } + return nil } diff --git a/model/outgoing_webhook_test.go b/model/outgoing_webhook_test.go index 2ca48c291..0d1cd773e 100644 --- a/model/outgoing_webhook_test.go +++ b/model/outgoing_webhook_test.go @@ -80,6 +80,11 @@ func TestOutgoingWebhookIsValid(t *testing.T) { t.Fatal("should be invalid") } + o.CallbackURLs = []string{"nowhere.com/"} + if err := o.IsValid(); err == nil { + t.Fatal("should be invalid") + } + o.CallbackURLs = []string{"http://nowhere.com/"} if err := o.IsValid(); err != nil { t.Fatal(err) diff --git a/model/team.go b/model/team.go index 4d14ec2ee..5c9cf5a26 100644 --- a/model/team.go +++ b/model/team.go @@ -229,6 +229,5 @@ func (o *Team) PreExport() { func (o *Team) Sanitize() { o.Email = "" - o.Type = "" o.AllowedDomains = "" } diff --git a/model/utils.go b/model/utils.go index bb0669df7..681ade870 100644 --- a/model/utils.go +++ b/model/utils.go @@ -11,6 +11,7 @@ import ( "fmt" "io" "net/mail" + "net/url" "regexp" "strings" "time" @@ -301,3 +302,15 @@ var UrlRegex = regexp.MustCompile(`^((?:[a-z]+:\/\/)?(?:(?:[a-z0-9\-]+\.)+(?:[a- var PartialUrlRegex = regexp.MustCompile(`/([A-Za-z0-9]{26})/([A-Za-z0-9]{26})/((?:[A-Za-z0-9]{26})?.+(?:\.[A-Za-z0-9]{3,})?)`) var SplitRunes = map[rune]bool{',': true, ' ': true, '.': true, '!': true, '?': true, ':': true, ';': true, '\n': true, '<': true, '>': true, '(': true, ')': true, '{': true, '}': true, '[': true, ']': true, '+': true, '/': true, '\\': true} + +func IsValidHttpUrl(rawUrl string) bool { + if strings.Index(rawUrl, "http://") != 0 && strings.Index(rawUrl, "https://") != 0 { + return false + } + + if _, err := url.ParseRequestURI(rawUrl); err != nil { + return false + } + + return true +} |