Validate::uri replaced with filter_var for HTTP[S] URL checks

Also, a bug in checking the OAuth callback URL for validity was fixed,
where it referenced the wrong variable when going through form data.

actions/apiaccountregister.php

@@ -152,9 +152,7 @@ class ApiAccountRegisterAction extends ApiAction
                 // TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
 	            $this->clientError(_('Email address already exists.'),404,'json');	
             } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
-                       !Validate::uri($homepage,
-                                      array('allowed_schemes' =>
-                                            array('http', 'https')))) {
+                       !common_valid_http_url($homepage)) {
                 // TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
 	            $this->clientError(_('Homepage is not a valid URL.'),404,'json');	
                 return;

actions/apicheckhub.php

@@ -45,23 +45,18 @@ class ApiCheckHubAction extends ApiAuthAction
     {
         parent::prepare($args);
 
-		$this->url = urldecode($args['url']);
-		
-		if (!$this->url) {
+        $this->url = urldecode($args['url']);
+        
+        if (empty($this->url)) {
             $this->clientError(_('No URL.'), 403, 'json');
-            return;			
-		}
+            return;            
+        }
 
-		if (!Validate::uri(
-	                $this->url, array(
-	                    'allowed_schemes' =>
-	                    array('http', 'https')
-	                )
-	            )) {
+        if (!common_valid_http_url($this->url)) {
             $this->clientError(_('Invalid URL.'), 403, 'json');
             return;
-			}
-		
+        }
+        
         return true;
     }
 

actions/apigroupcreate.php

@@ -165,15 +165,9 @@ class ApiGroupCreateAction extends ApiAuthAction
             );
             return false;
 
-        } elseif (
-            !is_null($this->homepage)
-            && strlen($this->homepage) > 0
-            && !Validate::uri(
-                $this->homepage, array(
-                    'allowed_schemes' =>
-                    array('http', 'https')
-                )
-            )) {
+        } elseif (!is_null($this->homepage)
+                && strlen($this->homepage) > 0
+                && !common_valid_http_url($this->homepage)) {
             $this->clientError(
                 // TRANS: Client error in form for group creation.
                 _('Homepage is not a valid URL.'),

actions/apigroupprofileupdate.php

@@ -267,13 +267,8 @@ class ApiGroupProfileUpdateAction extends ApiAuthAction
     function validateHomepage()
     {
         if (!is_null($this->homepage)
-        && (strlen($this->homepage) > 0)
-        && !Validate::uri(
-                $this->homepage,
-                array('allowed_schemes' => array('http', 'https')
-                )
-            )
-        ) {
+                && (strlen($this->homepage) > 0)
+                && !common_valid_http_url($this->homepage)) {
             throw new ApiValidationException(
                 // TRANS: API validation exception thrown when homepage URL does not validate.
                 _('Homepage is not a valid URL.')

actions/apioauthrequesttoken.php

@@ -146,7 +146,7 @@ class ApiOAuthRequestTokenAction extends ApiOAuthAction
 
             return true;
         } else {
-            return Validate::uri($callback);
+            return common_valid_http_url($callback);
         }
     }
 }

actions/editapplication.php

@@ -210,12 +210,10 @@ class EditApplicationAction extends Action
             $this->showForm(_('Source URL is too long.'));
             return;
         } elseif ((mb_strlen($source_url) > 0)
-                  && !Validate::uri($source_url,
-                                    array('allowed_schemes' => array('http', 'https'))))
-            {
-                // TRANS: Validation error shown when providing an invalid source URL in the "Edit application" form.
-                $this->showForm(_('Source URL is not valid.'));
-                return;
+                  && !common_valid_http_url($source_url)) {
+            // TRANS: Validation error shown when providing an invalid source URL in the "Edit application" form.
+            $this->showForm(_('Source URL is not valid.'));
+            return;
         } elseif (empty($organization)) {
             // TRANS: Validation error shown when not providing an organisation in the "Edit application" form.
             $this->showForm(_('Organization is required.'));
@@ -229,25 +227,20 @@ class EditApplicationAction extends Action
             $this->showForm(_('Organization homepage is required.'));
             return;
         } elseif ((mb_strlen($homepage) > 0)
-                  && !Validate::uri($homepage,
-                                    array('allowed_schemes' => array('http', 'https'))))
-            {
-                // TRANS: Validation error shown when providing an invalid homepage URL in the "Edit application" form.
-                $this->showForm(_('Homepage is not a valid URL.'));
-                return;
-            } elseif (mb_strlen($callback_url) > 255) {
-                // TRANS: Validation error shown when providing too long a callback URL in the "Edit application" form.
-                $this->showForm(_('Callback is too long.'));
-                return;
-            } elseif (mb_strlen($callback_url) > 0
-                      && !Validate::uri($source_url,
-                                        array('allowed_schemes' => array('http', 'https'))
-                                        ))
-                {
-                    // TRANS: Validation error shown when providing an invalid callback URL in the "Edit application" form.
-                    $this->showForm(_('Callback URL is not valid.'));
-                    return;
-                }
+                && !common_valid_http_url($homepage)) {
+            // TRANS: Validation error shown when providing an invalid homepage URL in the "Edit application" form.
+            $this->showForm(_('Homepage is not a valid URL.'));
+            return;
+        } elseif (mb_strlen($callback_url) > 255) {
+            // TRANS: Validation error shown when providing too long a callback URL in the "Edit application" form.
+            $this->showForm(_('Callback is too long.'));
+            return;
+        } elseif (mb_strlen($callback_url) > 0
+                && !common_valid_http_url($callback_url)) {
+            // TRANS: Validation error shown when providing an invalid callback URL in the "Edit application" form.
+            $this->showForm(_('Callback URL is not valid.'));
+            return;
+        }
 
         $cur = common_current_user();
 

actions/editgroup.php

@@ -198,9 +198,7 @@ class EditgroupAction extends GroupAction
                 $this->showForm(_('Not a valid nickname.'));
                 return;
             } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
-                       !Validate::uri($homepage,
-                                      array('allowed_schemes' =>
-                                            array('http', 'https')))) {
+                       !common_valid_http_url($homepage)) {
                 // TRANS: Group edit form validation error.
                 $this->showForm(_('Homepage is not a valid URL.'));
                 return;

actions/licenseadminpanel.php

@@ -155,18 +155,14 @@ class LicenseadminpanelAction extends AdminPanelAction
             );
         }
 
-        // make sure the license URL and license image URL are valid URLs
-
-        $options = array('allowed_schemes' => array('http', 'https'));
-
         // URLs should be set for cc license
 
         if ($values['license']['type'] == 'cc') {
-            if (!Validate::uri($values['license']['url'], $options)) {
+            if (!common_valid_http_url($values['license']['url'])) {
                 // TRANS: Client error displayed specifying an invalid license URL in the license admin panel.
                 $this->clientError(_('Invalid license URL.'));
             }
-            if (!Validate::uri($values['license']['image'], $options)) {
+            if (!common_valid_http_url($values['license']['image'])) {
                 // TRANS: Client error displayed specifying an invalid license image URL in the license admin panel.
                 $this->clientError(_('Invalid license image URL.'));
             }
@@ -175,7 +171,7 @@ class LicenseadminpanelAction extends AdminPanelAction
         // can be either blank or a valid URL for private & allrightsreserved
 
         if (!empty($values['license']['url'])) {
-            if (!Validate::uri($values['license']['url'], $options)) {
+            if (!common_valid_http_url($values['license']['url'])) {
                 // TRANS: Client error displayed specifying an invalid license URL in the license admin panel.
                 $this->clientError(_('License URL must be blank or a valid URL.'));
             }
@@ -184,7 +180,7 @@ class LicenseadminpanelAction extends AdminPanelAction
         // can be either blank or a valid URL for private & allrightsreserved
 
         if (!empty($values['license']['image'])) {
-            if (!Validate::uri($values['license']['image'], $options)) {
+            if (!common_valid_http_url($values['license']['image'])) {
                 // TRANS: Client error displayed specifying an invalid license image URL in the license admin panel.
                 $this->clientError(_('License image must be blank or valid URL.'));
             }

actions/newapplication.php

@@ -122,12 +122,7 @@ class NewApplicationAction extends FormAction
         } elseif (empty($source_url)) {
             // TRANS: Validation error shown when not providing a source URL in the "New application" form.
             $this->clientError(_('Source URL is required.'));
-        } elseif ((strlen($source_url) > 0)
-            && !Validate::uri(
-                $source_url,
-                array('allowed_schemes' => array('http', 'https'))
-                )
-            ) {
+        } elseif ((strlen($source_url) > 0) && !common_valid_http_url($source_url)) {
             // TRANS: Validation error shown when providing an invalid source URL in the "New application" form.
             $this->clientError(_('Source URL is not valid.'));
         } elseif (empty($organization)) {
@@ -139,23 +134,13 @@ class NewApplicationAction extends FormAction
         } elseif (empty($homepage)) {
             // TRANS: Form validation error show when an organisation name has not been provided in the new application form.
             $this->clientError(_('Organization homepage is required.'));
-        } elseif ((strlen($homepage) > 0)
-            && !Validate::uri(
-                $homepage,
-                array('allowed_schemes' => array('http', 'https'))
-                )
-            ) {
+        } elseif ((strlen($homepage) > 0) && !common_valid_http_url($homepage)) {
             // TRANS: Validation error shown when providing an invalid homepage URL in the "New application" form.
             $this->clientError(_('Homepage is not a valid URL.'));
         } elseif (mb_strlen($callback_url) > 255) {
             // TRANS: Validation error shown when providing too long a callback URL in the "New application" form.
             $this->clientError(_('Callback is too long.'));
-        } elseif (strlen($callback_url) > 0
-            && !Validate::uri(
-                $source_url,
-                array('allowed_schemes' => array('http', 'https'))
-                )
-            ) {
+        } elseif (strlen($callback_url) > 0 && !common_valid_http_url($callback_url)) {
             // TRANS: Validation error shown when providing an invalid callback URL in the "New application" form.
             $this->clientError(_('Callback URL is not valid.'));
         }

actions/newgroup.php

@@ -102,9 +102,7 @@ class NewgroupAction extends FormAction
                 // TRANS: Group create form validation error.
                 throw new ClientException(_('Not a valid nickname.'));
             } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
-                       !Validate::uri($homepage,
-                                      array('allowed_schemes' =>
-                                            array('http', 'https')))) {
+                       !common_valid_http_url($homepage)) {
                 // TRANS: Group create form validation error.
                 throw new ClientException(_('Homepage is not a valid URL.'));
             } else if (!is_null($fullname) && mb_strlen($fullname) > 255) {

actions/profilesettings.php

@@ -263,7 +263,7 @@ class ProfilesettingsAction extends SettingsAction
                 $this->showForm(_('Not a valid nickname.'));
                 return;
             } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
-                       !Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
+                       !common_valid_http_url($homepage)) {
                 // TRANS: Validation error in form for profile settings.
                 $this->showForm(_('Homepage is not a valid URL.'));
                 return;

actions/register.php

@@ -215,9 +215,7 @@ class RegisterAction extends Action
                 // TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
                 $this->showForm(_('Email address already exists.'));
             } else if (!is_null($homepage) && (strlen($homepage) > 0) &&
-                       !Validate::uri($homepage,
-                                      array('allowed_schemes' =>
-                                            array('http', 'https')))) {
+                       !common_valid_http_url($homepage)) {
                 // TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
                 $this->showForm(_('Homepage is not a valid URL.'));
                 return;

actions/siteadminpanel.php

@@ -156,13 +156,13 @@ class SiteadminpanelAction extends AdminPanelAction
 
         // Validate logos
         if (!empty($values['site']['logo']) &&
-            !Validate::uri($values['site']['logo'], array('allowed_schemes' => array('http', 'https')))) {
+                !common_valid_http_url($values['site']['logo'])) {
             // TRANS: Client error displayed when a logo URL is not valid.
             $this->clientError(_('Invalid logo URL.'));
         }
 
         if (!empty($values['site']['ssllogo']) &&
-            !Validate::uri($values['site']['ssllogo'], array('allowed_schemes' => array('https')))) {
+                !common_valid_http_url($values['site']['ssllogo'], true)) {
             // TRANS: Client error displayed when a SSL logo URL is invalid.
             $this->clientError(_('Invalid SSL logo URL.'));
         }

actions/snapshotadminpanel.php

@@ -135,11 +135,7 @@ class SnapshotadminpanelAction extends AdminPanelAction
         // Validate report URL
 
         if (!is_null($values['snapshot']['reporturl'])
-            && !Validate::uri(
-                $values['snapshot']['reporturl'],
-                array('allowed_schemes' => array('http', 'https')
-            )
-        )) {
+                && !common_valid_http_url($values['snapshot']['reporturl'])) {
             // TRANS: Client error displayed on admin panel for snapshots when providing an invalid report URL.
             $this->clientError(_('Invalid snapshot report URL.'));
         }

lib/util.php

@@ -1720,9 +1720,13 @@ function common_log_objstring(&$object)
     return $objstring;
 }
 
-function common_valid_http_url($url)
+function common_valid_http_url($url, $secure=false)
 {
-    return Validate::uri($url, array('allowed_schemes' => array('http', 'https')));
+    // If $secure is true, only allow https URLs to pass
+    // (if false, we use '?' in 'https?' to say the 's' is optional)
+    $regex = $secure ? '/^https$/' : '/^https?$/';
+    return filter_var($url, FILTER_VALIDATE_URL)
+            && preg_match($regex, parse_url($url, PHP_URL_SCHEME));
 }
 
 function common_valid_tag($tag)

plugins/Bookmark/actions/bookmarkforurl.php

@@ -74,7 +74,7 @@ class BookmarkforurlAction extends Action
             throw new ClientException(_('URL is required.'), 400);
         }
 
-        if (!Validate::uri($this->url, array('allowed_schemes' => array('http', 'https')))) {
+        if (!common_valid_http_url($this->url)) {
             throw new ClientException(_('Invalid URL.'), 400);
         }
 

plugins/ExtendedProfile/actions/profiledetailsettings.php

@@ -267,10 +267,7 @@ class ProfileDetailSettingsAction extends ProfileSettingsAction
         $this->removeAll($user, 'website');
         $i = 0;
         foreach($sites as $site) {
-            if (!empty($site['value']) && !Validate::uri(
-                $site['value'],
-                array('allowed_schemes' => array('http', 'https')))
-            ) {
+            if (!empty($site['value']) && !common_valid_http_url($site['value'])) {
                 // TRANS: Exception thrown when entering an invalid URL.
                 // TRANS: %s is the invalid URL.
                 throw new Exception(sprintf(_m('Invalid URL: %s.'), $site['value']));

plugins/OStatus/classes/Ostatus_profile.php

@@ -1323,7 +1323,7 @@ class Ostatus_profile extends Managed_DataObject
         }
         if ($url) {
             $opts = array('allowed_schemes' => array('http', 'https'));
-            if (Validate::uri($url, $opts)) {
+            if (common_valid_http_url($url)) {
                 return $url;
             }
         }
@@ -1615,7 +1615,7 @@ class Ostatus_profile extends Managed_DataObject
             $profile->profileurl = $object->link;
         } else if (array_key_exists('profileurl', $hints)) {
             $profile->profileurl = $hints['profileurl'];
-        } else if (Validate::uri($object->id, array('allowed_schemes' => array('http', 'https')))) {
+        } else if (common_valid_http_url($object->id)) {
             $profile->profileurl = $object->id;
         }