From 3b2a5f68940864f5631a98d6d2ef77f4814ef8f8 Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Thu, 24 Jul 2014 17:30:15 +0530
Subject: [PATCH] FIX: filter whitelist domain name

---
 lib/site_setting_extension.rb                 | 21 +++++++++++++++++++
 .../components/site_setting_extension_spec.rb | 17 +++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/lib/site_setting_extension.rb b/lib/site_setting_extension.rb
index 3372b5c56a2..31a18c97c04 100644
--- a/lib/site_setting_extension.rb
+++ b/lib/site_setting_extension.rb
@@ -264,8 +264,21 @@ module SiteSettingExtension
     refresh_settings.include?(name.to_sym)
   end
 
+  def filter_value(name, value)
+    # filter domain name
+    if %w[disabled_image_download_domains onebox_domains_whitelist exclude_rel_nofollow_domains email_domains_blacklist email_domains_whitelist white_listed_spam_host_domains].include? name
+      domain_array = []
+      value.split('|').each { |url|
+        domain_array.push(get_hostname(url))
+      }
+      value = domain_array.join("|")
+    end
+    return value
+  end
+
   def set(name, value)
     if has_setting?(name)
+      value = filter_value(name, value)
       self.send("#{name}=", value)
       Discourse.request_refresh! if requires_refresh?(name)
     else
@@ -365,5 +378,13 @@ module SiteSettingExtension
     enums[name]
   end
 
+  def get_hostname(url)
+    unless (URI.parse(url).scheme rescue nil).nil?
+      url = "http://#{url}" if URI.parse(url).scheme.nil?
+      url = URI.parse(url).host
+    end
+    return url
+  end
+
 end
 
diff --git a/spec/components/site_setting_extension_spec.rb b/spec/components/site_setting_extension_spec.rb
index 44b99e948ee..1e0adca5aa3 100644
--- a/spec/components/site_setting_extension_spec.rb
+++ b/spec/components/site_setting_extension_spec.rb
@@ -322,4 +322,21 @@ describe SiteSettingExtension do
     end
   end
 
+  describe "filter domain name" do
+    before do
+      settings.setting(:white_listed_spam_host_domains, "www.example.com")
+      settings.refresh!
+    end
+
+    it "filters domain" do
+      settings.set("white_listed_spam_host_domains", "http://www.discourse.org/")
+      settings.white_listed_spam_host_domains.should == "www.discourse.org"
+    end
+
+    it "returns invalid domain as is, without throwing exception" do
+      settings.set("white_listed_spam_host_domains", "test!url")
+      settings.white_listed_spam_host_domains.should == "test!url"
+    end
+  end
+
 end