GH-224 Be better about handling external URLs

(transform into utils and support HTTPS)
mdziekon · Jul 1, 2022 · a53dce5 · a53dce5
1 parent 33279ce
commit a53dce5
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 11 deletions.
diff --git a/modules/settings/_includes.php b/modules/settings/_includes.php
@@ -37,6 +37,7 @@
     include($includePath . './utils/helpers/tryDeleteUserIgnoreEntries.helper.php');
     include($includePath . './utils/helpers/tryEnableVacation.helper.php');
     include($includePath . './utils/helpers/tryIgnoreUser.helper.php');
+    include($includePath . './utils/helpers/url.helper.php');
 
     include($includePath . './utils/input/normalizeDeleteUserIgnoreEntries.input.php');
 

diff --git a/modules/settings/utils/helpers/url.helper.php b/modules/settings/utils/helpers/url.helper.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace UniEngine\Engine\Modules\Settings\Utils\Helpers;
+
+/**
+ * @param string $url
+ */
+function hasHttpProtocol($url) {
+    return (
+        strstr($url, 'http://') !== false ||
+        strstr($url, 'https://') !== false
+    );
+}
+
+/**
+ * @param string $url
+ */
+function hasWWWPart($url) {
+    return (strstr($url, 'www.') !== false);
+}
+
+/**
+ * @param string $url
+ */
+function isExternalUrl($url) {
+    return (
+        hasHttpProtocol($url) ||
+        hasWWWPart($url)
+    );
+}
+
+function completeWWWUrl($url) {
+    $defaultProto = 'https';
+
+    return str_replace('www.', "{$defaultProto}://www.", $url);
+}
+
+?>
diff --git a/settings.php b/settings.php
@@ -289,8 +289,7 @@ function isInputKeyChecked($input, $key) {
                 strip_tags(trim($_POST['skin_path']))
             );
 
-            if(strstr($SkinPath, 'http://') === FALSE AND strstr($SkinPath, 'www.') === FALSE)
-            {
+            if (!Settings\Utils\Helpers\isExternalUrl($SkinPath)) {
                 if($SkinPath != '')
                 {
                     $SkinPath = ltrim($SkinPath, '/');
@@ -308,12 +307,12 @@ function isInputKeyChecked($input, $key) {
                 {
                     $_POST['use_skin'] = '';
                 }
-            }
-            else
-            {
-                if(strstr($SkinPath, 'http://') === FALSE AND strstr($SkinPath, 'www.') !== FALSE)
-                {
-                    $SkinPath = str_replace('www.', 'http://', $SkinPath);
+            } else {
+                if (
+                    !Settings\Utils\Helpers\hasHttpProtocol($SkinPath) &&
+                    Settings\Utils\Helpers\hasWWWPart($SkinPath)
+                ) {
+                    $SkinPath = Settings\Utils\Helpers\completeWWWUrl($SkinPath);
                 }
             }
             if($SkinPath != $_User['skinpath'])
@@ -347,9 +346,11 @@ function isInputKeyChecked($input, $key) {
                 strip_tags(trim($_POST['avatar_path']))
             );
 
-            if(strstr($AvatarPath, 'http://') === FALSE AND strstr($AvatarPath, 'www.') !== FALSE)
-            {
-                $AvatarPath = str_replace('www.', 'http://', $AvatarPath);
+            if (
+                !Settings\Utils\Helpers\hasHttpProtocol($AvatarPath) &&
+                Settings\Utils\Helpers\hasWWWPart($AvatarPath)
+            ) {
+                $AvatarPath = Settings\Utils\Helpers\completeWWWUrl($AvatarPath);
             }
             if($AvatarPath != $_User['avatar'])
             {