diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php
index 2850012862988..605c64665e221 100644
--- a/apps/oauth2/lib/Controller/SettingsController.php
+++ b/apps/oauth2/lib/Controller/SettingsController.php
@@ -40,6 +40,7 @@
use OCP\IL10N;
use OCP\IRequest;
use OCP\Security\ISecureRandom;
+use OCP\Util;
class SettingsController extends Controller {
/** @var ClientMapper */
@@ -81,7 +82,7 @@ public function __construct(string $appName,
public function addClient(string $name,
string $redirectUri): JSONResponse {
- if (filter_var($redirectUri, FILTER_VALIDATE_URL) === false) {
+ if (!Util::isValidUrl($redirectUri)) {
return new JSONResponse(['message' => $this->l->t('Your redirect URL needs to be a full URL for example: https://yourdomain.com/path')], Http::STATUS_BAD_REQUEST);
}
diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index 82cb15037ceaf..a416a95c7acb8 100644
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -54,6 +54,7 @@
use OCP\IRequest;
use OCP\ITempManager;
use OCP\IURLGenerator;
+use OCP\Util;
/**
* Class ThemingController
@@ -143,7 +144,7 @@ public function updateStylesheet($setting, $value) {
if (strlen($value) > 500) {
$error = $this->l10n->t('The given web address is too long');
}
- if (!$this->isValidUrl($value)) {
+ if (!Util::isValidUrl($value)) {
$error = $this->l10n->t('The given web address is not a valid URL');
}
break;
@@ -151,7 +152,7 @@ public function updateStylesheet($setting, $value) {
if (strlen($value) > 500) {
$error = $this->l10n->t('The given legal notice address is too long');
}
- if (!$this->isValidUrl($value)) {
+ if (!Util::isValidUrl($value)) {
$error = $this->l10n->t('The given legal notice address is not a valid URL');
}
break;
@@ -159,7 +160,7 @@ public function updateStylesheet($setting, $value) {
if (strlen($value) > 500) {
$error = $this->l10n->t('The given privacy policy address is too long');
}
- if (!$this->isValidUrl($value)) {
+ if (!Util::isValidUrl($value)) {
$error = $this->l10n->t('The given privacy policy address is not a valid URL');
}
break;
@@ -200,14 +201,6 @@ public function updateStylesheet($setting, $value) {
);
}
- /**
- * Check that a string is a valid http/https url
- */
- private function isValidUrl(string $url): bool {
- return ((strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0) &&
- filter_var($url, FILTER_VALIDATE_URL) !== false);
- }
-
/**
* @AuthorizedAdminSetting(settings=OCA\Theming\Settings\Admin)
* @return DataResponse
diff --git a/apps/theming/lib/ThemingDefaults.php b/apps/theming/lib/ThemingDefaults.php
index 3bfccda4a4322..ed4118775d8da 100644
--- a/apps/theming/lib/ThemingDefaults.php
+++ b/apps/theming/lib/ThemingDefaults.php
@@ -49,6 +49,7 @@
use OCP\IL10N;
use OCP\INavigationManager;
use OCP\IURLGenerator;
+use OCP\Util as OCPUtil;
class ThemingDefaults extends \OC_Defaults {
@@ -204,7 +205,7 @@ public function getShortFooter() {
$divider = '';
foreach ($links as $link) {
if ($link['url'] !== ''
- && filter_var($link['url'], FILTER_VALIDATE_URL)
+ && OCPUtil::isValidUrl($link['url'])
) {
$legalLinks .= $divider . '' . $link['text'] . '';
diff --git a/lib/private/Setup.php b/lib/private/Setup.php
index a7f0f190fa292..dd108fe225c6e 100644
--- a/lib/private/Setup.php
+++ b/lib/private/Setup.php
@@ -62,6 +62,7 @@
use OCP\IL10N;
use OCP\Security\ISecureRandom;
use Psr\Log\LoggerInterface;
+use OCP\Util;
class Setup {
/** @var SystemConfig */
@@ -340,7 +341,7 @@ public function install($options) {
'trusted_domains' => $trustedDomains,
'datadirectory' => $dataDir,
'dbtype' => $dbType,
- 'version' => implode('.', \OCP\Util::getVersion()),
+ 'version' => implode('.', Util::getVersion()),
];
if ($this->config->getValue('overwrite.cli.url', null) === null) {
@@ -477,7 +478,7 @@ private static function findWebRoot(SystemConfig $config): string {
if ($webRoot === '') {
throw new InvalidArgumentException('overwrite.cli.url is empty');
}
- if (!filter_var($webRoot, FILTER_VALIDATE_URL)) {
+ if (!Util::isValidUrl($webRoot)) {
throw new InvalidArgumentException('invalid value for overwrite.cli.url');
}
$webRoot = rtrim(parse_url($webRoot, PHP_URL_PATH), '/');
diff --git a/lib/public/Util.php b/lib/public/Util.php
index 5165846707a66..c54b3982845e8 100644
--- a/lib/public/Util.php
+++ b/lib/public/Util.php
@@ -513,4 +513,36 @@ public static function needUpgrade() {
}
return self::$needUpgradeCache;
}
+
+ /**
+ * Checks whether the given URL is valid. This function should be
+ * used instead of filter_var($url, FILTER_VALIDATE_URL) since it
+ * handles idn urls too.
+ *
+ * @return bool true if the url is valid, false otherwise.
+ * @since 23.0.0
+ */
+ public static function isValidUrl(string $url, array $protocols = ['http', 'https']): bool {
+ // from https://github.com/symfony/validator/blob/14337bdf9e2e0b2e3385c9e90f13325f0c95a4f9/Constraints/UrlValidator.php#L24
+ // Author: Bernhard Schussek
+ $pattern = '~^
+ (%s):// # protocol
+ (((?:[\_\.\pL\pN-]|%%[0-9A-Fa-f]{2})+:)?((?:[\_\.\pL\pN-]|%%[0-9A-Fa-f]{2})+)@)? # basic auth
+ (
+ ([\pL\pN\pS\-\_\.])+(\.?([\pL\pN]|xn\-\-[\pL\pN-]+)+\.?) # a domain name
+ | # or
+ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} # an IP address
+ | # or
+ \[
+ (?:(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){6})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:::(?:(?:(?:[0-9a-f]{1,4})):){5})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){4})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,1}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){3})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,2}(?:(?:[0-9a-f]{1,4})))?::(?:(?:(?:[0-9a-f]{1,4})):){2})(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,3}(?:(?:[0-9a-f]{1,4})))?::(?:(?:[0-9a-f]{1,4})):)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,4}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:(?:(?:(?:[0-9a-f]{1,4})):(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9]))\.){3}(?:(?:25[0-5]|(?:[1-9]|1[0-9]|2[0-4])?[0-9])))))))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,5}(?:(?:[0-9a-f]{1,4})))?::)(?:(?:[0-9a-f]{1,4})))|(?:(?:(?:(?:(?:(?:[0-9a-f]{1,4})):){0,6}(?:(?:[0-9a-f]{1,4})))?::))))
+ \] # an IPv6 address
+ )
+ (:[0-9]+)? # a port (optional)
+ (?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )* # a path
+ (?:\? (?:[\pL\pN\-._\~!$&\'\[\]()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a query (optional)
+ (?:\# (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a fragment (optional)
+ $~ixu';
+ $pattern = sprintf($pattern, implode('|', $protocols));
+ return preg_match($pattern, $url) !== false;
+ }
}