diff --git a/app/controllers/api/avatars.php b/app/controllers/api/avatars.php
index 161e87b130..e72911671c 100644
--- a/app/controllers/api/avatars.php
+++ b/app/controllers/api/avatars.php
@@ -144,7 +144,7 @@
 ->label('sdk.description', '/docs/references/avatars/get-image.md')
 ->label('sdk.response.code', Response::STATUS_CODE_OK)
 ->label('sdk.response.type', Response::CONTENT_TYPE_IMAGE)
- ->param('url', '', new URL(), 'Image URL which you want to crop.')
+ ->param('url', '', new URL(['http', 'https']), 'Image URL which you want to crop.')
 ->param('width', 400, new Range(0, 2000), 'Resize preview image width, Pass an integer between 0 to 2000.', true)
 ->param('height', 400, new Range(0, 2000), 'Resize preview image height, Pass an integer between 0 to 2000.', true)
 ->inject('response')
@@ -213,7 +213,7 @@
 ->label('sdk.description', '/docs/references/avatars/get-favicon.md')
 ->label('sdk.response.code', Response::STATUS_CODE_OK)
 ->label('sdk.response.type', Response::CONTENT_TYPE_IMAGE)
- ->param('url', '', new URL(), 'Website URL which you want to fetch the favicon from.')
+ ->param('url', '', new URL(['http', 'https']), 'Website URL which you want to fetch the favicon from.')
 ->inject('response')
 ->action(function ($url, $response) {
 /** @var Appwrite\Utopia\Response $response */
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 9c4f9bc9bf..2fdcc3aea3 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
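Review bot: The `['http', 'https']` allow-list on `url` constrains only the scheme, so an `http://` URL whose host is loopback, link-local or in a private range still passes validation at both avatar endpoints here, and likewise at the two webhook `url` params in app/controllers/api/projects.php. The code that performs the outbound request is outside these hunks, so it is not visible whether the resolved address is checked or whether redirects are followed. If neither is done, the action should resolve the host, reject non-public addresses, and re-apply the same check on every redirect hop. A short comment above each param, such as `// scheme allow-list only; the destination host is validated in the action`, would make that division of responsibility explicit.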
@@ -582,7 +582,7 @@
 ->param('projectId', null, new UID(), 'Project unique ID.')
 ->param('name', null, new Text(128), 'Webhook name. Max length: 128 chars.')
 ->param('events', null, new ArrayList(new WhiteList(array_keys(Config::getParam('events'), true), true)), 'Events list.')
- ->param('url', null, new URL(), 'Webhook URL.')
+ ->param('url', null, new URL(['http', 'https']), 'Webhook URL.')
 ->param('security', false, new Boolean(true), 'Certificate verification, false for disabled or true for enabled.')
 ->param('httpUser', '', new Text(256), 'Webhook HTTP user. Max length: 256 chars.', true)
 ->param('httpPass', '', new Text(256), 'Webhook HTTP password. Max length: 256 chars.', true)
@@ -704,7 +704,7 @@
 ->param('webhookId', null, new UID(), 'Webhook unique ID.')
 ->param('name', null, new Text(128), 'Webhook name. Max length: 128 chars.')
 ->param('events', null, new ArrayList(new WhiteList(array_keys(Config::getParam('events'), true), true)), 'Events list.')
- ->param('url', null, new URL(), 'Webhook URL.')
+ ->param('url', null, new URL(['http', 'https']), 'Webhook URL.')
 ->param('security', false, new Boolean(true), 'Certificate verification, false for disabled or true for enabled.')
 ->param('httpUser', '', new Text(256), 'Webhook HTTP user. Max length: 256 chars.', true)
 ->param('httpPass', '', new Text(256), 'Webhook HTTP password. Max length: 256 chars.', true)
diff --git a/src/Appwrite/Network/Validator/URL.php b/src/Appwrite/Network/Validator/URL.php
index 61d1941e02..d940c409e0 100644
--- a/src/Appwrite/Network/Validator/URL.php
+++ b/src/Appwrite/Network/Validator/URL.php
@@ -9,10 +9,20 @@
 *
 * Validate that an variable is a valid URL
 *
- * @package Utopia\Validator
+ * @package Appwrite\Network\Validator
 */
 class URL extends Validator
 {
+ protected array $allowedSchemes;
+
+ /**
+ * @param array $allowedSchemes
+ */
+ public function __construct(array $allowedSchemes = [])
+ {
+ $this->allowedSchemes = $allowedSchemes;
+ }
+
 /**
 * Get Description
 *
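Review bot: Keeping `'http'` in the webhook `url` allow-list means a webhook that also sets `httpUser`/`httpPass` can be configured against a plain-HTTP endpoint, which would presumably send those credentials and the event payload unencrypted. The same applies to the update route in the hunk at -704. If plain HTTP has to remain for compatibility, the action (outside this hunk) could reject a non-empty `httpUser` or `httpPass` when the scheme is not `https`. Otherwise the param could be narrowed to `new URL(['https'])`.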
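Review bot: The constructor's default `[]` means "accept any scheme", which the docblock `@param array $allowedSchemes` does not say, so a call site left as `new URL()` stays unrestricted with nothing in the signature hinting at it. Suggest documenting the contract, for example `@param string[] $allowedSchemes Lowercase schemes to accept; an empty list places no restriction on the scheme.` A why-comment on the property (`// empty = no scheme restriction (backward-compatible default)`) would help the next reader auditing callers.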
@@ -22,6 +32,10 @@ class URL extends Validator */ public function getDescription(): string { + if (!empty($this->allowedSchemes)) { + return 'Value must be a valid URL with following schemes (' . \implode(', ', $this->allowedSchemes) . ')'; + } + return 'Value must be a valid URL'; } @@ -39,6 +53,10 @@ public function isValid($value): bool return false; } + if (!empty($this->allowedSchemes) && !\in_array(\parse_url($value, PHP_URL_SCHEME), $this->allowedSchemes)) { + return false; + } + return true; } @@ -65,4 +83,4 @@ public function getType(): string { return self::TYPE_STRING; } -} +} \ No newline at end of file
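Review bot: The scheme check added to `isValid` passes the raw `\parse_url($value, PHP_URL_SCHEME)` result to a loose `\in_array`, so the comparison is both type-juggled and case-sensitive. A URL written as `HTTPS://…` is compared as `HTTPS` and would not match `['http', 'https']`, and a `null` scheme is compared loosely rather than rejected explicitly. Normalise and compare strictly, e.g. `$scheme = \strtolower((string) \parse_url($value, PHP_URL_SCHEME));` followed by `if (!empty($this->allowedSchemes) && !\in_array($scheme, $this->allowedSchemes, true)) {`. The earlier validity check in `isValid` sits outside the hunk, so which inputs reach this line is not visible here. The diff also carries no test for the allow-list; cases for an allowed, a disallowed and an upper-case scheme would pin the behaviour.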