Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: handle bad user profile website

This commit is contained in:
Arpit Jalan 2018-05-17 13:21:24 +05:30
parent 238a13643d
commit 33899664ce
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/models/user_profile.rb
View File

@ -140,7 +140,10 @@ class UserProfile < ActiveRecord::Base
allowed_domains = SiteSetting.user_website_domains_whitelist
return if (allowed_domains.blank? || self.website.blank?)
domain = URI.parse(self.website).host
domain = begin
URI.parse(self.website).host
rescue URI::InvalidURIError
end
self.errors.add :base, (I18n.t('user.website.domain_not_allowed', domains: allowed_domains.split('|').join(", "))) unless allowed_domains.split('|').include?(domain)
end

7
spec/models/user_profile_spec.rb
View File

@ -71,6 +71,13 @@ describe UserProfile do
user_profile.website = "http://discourse.org"
expect(user_profile).to be_valid
end
it "doesn't blow up with an invalid URI" do
SiteSetting.user_website_domains_whitelist = "discourse.org"
user_profile.website = 'user - https://forum.example.com/user'
expect { user_profile.save! }.to raise_error(ActiveRecord::RecordInvalid)
end
end
describe 'after save' do