From 60cf71e724c4af0b7eda04324922e46b8e7eb7a3 Mon Sep 17 00:00:00 2001
From: lkassianik <lyubakassianik@gmail.com>
Date: Mon, 2 Nov 2015 13:48:02 -0800
Subject: [PATCH] Validate new Phurl URL

Summary: Closes T9691, Validate URL on Phurl objects for using valid protocols.

Test Plan: Create or edit URL. Change URL to "asdf" and observe error. Change back to "http://google.com" and observe no error.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Maniphest Tasks: T9691

Differential Revision: https://secure.phabricator.com/D14389
---
 .../phurl/editor/PhabricatorPhurlURLEditor.php    | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/applications/phurl/editor/PhabricatorPhurlURLEditor.php b/src/applications/phurl/editor/PhabricatorPhurlURLEditor.php
index 2065245e36..094688ee49 100644
--- a/src/applications/phurl/editor/PhabricatorPhurlURLEditor.php
+++ b/src/applications/phurl/editor/PhabricatorPhurlURLEditor.php
@@ -125,6 +125,21 @@ final class PhabricatorPhurlURLEditor
           $error->setIsMissingFieldError(true);
           $errors[] = $error;
         }
+
+        foreach ($xactions as $xaction) {
+          if ($xaction->getOldValue() != $xaction->getNewValue()) {
+            $protocols = PhabricatorEnv::getEnvConfig('uri.allowed-protocols');
+            $uri = new PhutilURI($xaction->getNewValue());
+            if (!isset($protocols[$uri->getProtocol()])) {
+              $errors[] = new PhabricatorApplicationTransactionValidationError(
+                $type,
+                pht('Invalid URL'),
+                pht('The protocol of the URL is invalid.'),
+                null);
+            }
+          }
+        }
+
         break;
     }