fix: [bookmarks] added more error handling for malformed bookmarks

iglocska · iglocska · commit 6f31082a711d · 2024-09-17T07:57:25.000+02:00
diff --git a/src/Model/Table/UserSettingsTable.php b/src/Model/Table/UserSettingsTable.php
@@ -144,9 +144,13 @@ public function deleteBookmark($user, $data)
      */
     public function validURI(String $uri): bool
     {
-        $parsed = parse_url($uri);
-        $isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);
-        $isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);
+        try {
+            $parsed = parse_url($uri);
+            $isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);
+            $isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);
+        } catch (\Exception $e) {
+            return false;
+        }
         return $isLocalPath || $isValidURL;
     }
 }
diff --git a/templates/Instance/home.php b/templates/Instance/home.php
@@ -18,16 +18,16 @@
         <ul class="col-sm-12 col-md-10 col-l-8 col-xl-8 mb-3">
             <?php foreach ($bookmarks as $bookmark) : ?>
                 <li class="list-group-item">
-                    <?php if ($this->userSettingsTable->validURI($bookmark['url'])): ?>
+                    <?php if (!empty($bookmark['url']) && $this->userSettingsTable->validURI($bookmark['url'])): ?>
                         <a href="<?= h($bookmark['url']) ?>" class="w-bold">
                             <?= h($bookmark['label']) ?>
                         </a>
                     <?php else: ?>
                         <span class="w-bold">
-                            <?= h($bookmark['url']) ?>
+                            <?= !empty($bookmark['url']) ? h($bookmark['url']) : '' ?>
                         </span>
                     <?php endif; ?>
-                    <span class="ms-3 fw-light"><?= h($bookmark['name']) ?></span>
+                    <span class="ms-3 fw-light"><?= !empty($bookmark['name']) ? h($bookmark['name']): '' ?></span>
                 </li>
             <?php endforeach; ?>
         </ul>

Original file line number	Diff line number	Diff line change
`@@ -144,9 +144,13 @@ public function deleteBookmark($user, $data)`
`144`	`144`	`*/`
`145`	`145`	`public function validURI(String $uri): bool`
`146`	`146`	`{`
`147`		`- $parsed = parse_url($uri);`
`148`		`- $isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);`
`149`		`- $isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);`
	`147`	`+ try {`
	`148`	`+ $parsed = parse_url($uri);`
	`149`	`+ $isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);`
	`150`	`+ $isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);`
	`151`	`+ } catch (\Exception $e) {`
	`152`	`+ return false;`
	`153`	`+ }`
`150`	`154`	`return $isLocalPath \|\| $isValidURL;`
`151`	`155`	`}`
`152`	`156`	`}`