From 2d2b8e1601587dbb6c4c41d5b1aa3342982f7f4f Mon Sep 17 00:00:00 2001
From: RandomChars <random@chars.jp>
Date: Tue, 28 Sep 2021 11:42:08 +0900
Subject: [PATCH] correct URL matching

---
 store/image.go |  2 +-
 store/misc.go  | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/store/image.go b/store/image.go
index ddf5a82..42f5289 100644
--- a/store/image.go
+++ b/store/image.go
@@ -285,7 +285,7 @@ func (s *Store) ImageAdd(data []byte, flake string) Image {
 // ImageUpdate updates image metadata.
 func (s *Store) ImageUpdate(hash, source, parent, commentary, commentaryTranslation string) {
 	// Only accept URLs and below 1024 in length
-	if len(source) >= 1024 || !urlRegex.MatchString(source) {
+	if len(source) >= 1024 || !s.MatchURL(source) {
 		return
 	}
 
diff --git a/store/misc.go b/store/misc.go
index a137198..b72fa66 100644
--- a/store/misc.go
+++ b/store/misc.go
@@ -2,6 +2,7 @@ package store
 
 import (
 	"errors"
+	"net/url"
 	"regexp"
 )
 
@@ -11,7 +12,6 @@ var (
 	nameRegex   = regexp.MustCompile(`^[a-z0-9()_-]{3,}$`)
 	sha256Regex = regexp.MustCompile(`\b[A-Fa-f0-9]{64}\b`)
 	secretRegex = regexp.MustCompile(`\b[A-Za-z]{64}\b`)
-	urlRegex    = regexp.MustCompile(`(\b(https?|ftp)://)?[-A-Za-z0-9+&@#/%?=~_|!:,.;]+[-A-Za-z0-9+&@#/%=~_|]`)
 )
 
 var (
@@ -19,6 +19,15 @@ var (
 	AlreadyExists = errors.New("store path already exists")
 )
 
-func (s *Store) MatchName(subject string) bool {
-	return nameRegex.MatchString(subject)
+// These two really shouldn't be methods... Maybe change that for v2.
+
+// MatchName determines if str is a valid name.
+func (s *Store) MatchName(str string) bool {
+	return nameRegex.MatchString(str)
+}
+
+// MatchURL determines if str is a valid URL.
+func (s *Store) MatchURL(str string) bool {
+	u, err := url.Parse(str)
+	return err == nil && u.Scheme != "" && u.Host != ""
 }
-- 
GitLab