# HG changeset patch # User Matti Hamalainen # Date 1518022896 -7200 # Node ID 506977ea9d0c5b838c21ee54ab9e997cc25d6514 # Parent fe478b7bd80ee030f4d1d507e2380d59a7fc31ee urllog: Improve URL validation. diff -r fe478b7bd80e -r 506977ea9d0c urllog.tcl --- a/urllog.tcl Mon Dec 18 14:54:18 2017 +0200 +++ b/urllog.tcl Wed Feb 07 19:01:36 2018 +0200 @@ -290,7 +290,7 @@ ### Try to guess the URL protocol component (if it is missing) set u_checktld 1 - if {![string match "http://*" $urlStr] && ![string match "https://*" $urlStr] && ![string match "ftp://*" $urlStr]} { + if {![string match "http://*" $urlStr] && ![string match "https://*" $urlStr] && ![string match "ftp://*" $urlStr] && ![string match "*://*" $urlStr]} { if {[string match "*www.*" $urlStr]} { set urlStr "http://$urlStr" } elseif {[string match "*ftp.*" $urlStr]} { @@ -323,7 +323,16 @@ ### Get URL protocol component set urlProto "" - regexp "(\[a-z\]+)://" $urlStr urlMatch urlProto + if {[regexp "(\[a-z\]+)://" $urlStr urlMatch urlProto]} { + ### Is it a http or ftp url? + if {$urlProto != "http" && $urlProto != "https" && $urlProto != "ftp"} { + urllog_log "Broken URL from $urlNick: ($urlStr) UNSUPPORTED protocol class ($urlProto)." + return 0 + } + } else { + urllog_log "Broken URL from $urlNick: ($urlStr), no protocol specifier." + return 0 + } ### Check the PORT (if the ":" is there) set urlRecord [split $urlStr "/"] @@ -555,7 +564,7 @@ if {[utl_match_delim_list $urllog_log_channels $uchan]} { ### Do the URL checking foreach str [split $utext " "] { - if {[regexp "((ftp|http|https)://\[^\[:space:\]\]+|^(www|ftp)\.\[^\[:space:\]\]+)" $str ulink]} { + if {[regexp "(\[a-z]+://\[^\[:space:\]\]+|^(www|ftp)\.\[^\[:space:\]\]+)" $str ulink]} { urllog_check_url $str $unick $uhost $uchan } }