diff --git a/src/rpc/budget.cpp b/src/rpc/budget.cpp
index e05b61ff9b272..27d60764e7332 100644
--- a/src/rpc/budget.cpp
+++ b/src/rpc/budget.cpp
@@ -56,8 +56,9 @@ void checkBudgetInputs(const UniValue& params, std::string &strProposalName, std
 throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid proposal name, limit of 20 characters.");
 strURL = SanitizeString(params[1].get_str());
- if (strURL.size() > 64)
- throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid url, limit of 64 characters.");
+ std::string strErr;
+ if (!validateURL(strURL, strErr))
+ throw JSONRPCError(RPC_INVALID_PARAMETER, strErr);
 nPaymentCount = params[2].get_int();
 if (nPaymentCount < 1)
diff --git a/src/utilstrencodings.cpp b/src/utilstrencodings.cpp
index 16fd87aa4f3d5..c3146d349a72f 100644
--- a/src/utilstrencodings.cpp
+++ b/src/utilstrencodings.cpp
@@ -39,6 +39,33 @@ std::string SanitizeString(const std::string& str, int rule)
 return strResult;
 }
+bool validateURL(std::string strURL, std::string& strErr, unsigned int maxSize) {
+
+ // Check URL size
+ if (strURL.size() > maxSize) {
+ strErr = strprintf("Invalid URL: %d exceeds limit of %d characters.", strURL.size(), maxSize);
+ return false;
+ }
+
+ std::vector reqPre;
+
+ // Required initial strings; URL must contain one
+ reqPre.push_back("http://");
+ reqPre.push_back("https://");
+
+ // check fronts
+ bool found = false;
+ for (int i=0; i < reqPre.size() && !found; i++) {
+ if (strURL.find(reqPre[i]) == 0) found = true;
+ }
+ if ((!found) && (reqPre.size() > 0)) {
+ strErr = "Invalid URL, check scheme (e.g. https://)";
+ return false;
+ }
+
+ return true;
+}
+
 const signed char p_util_hexdigit[256] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
diff --git a/src/utilstrencodings.h b/src/utilstrencodings.h
index 97c3bfd91fbc9..711f2aaafbbb5 100644
--- a/src/utilstrencodings.h
+++ b/src/utilstrencodings.h
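Review bot: The 64-character limit that this call site used to state explicitly is now implied by the default `maxSize` of `validateURL`, so the budget rule is no longer visible in checkBudgetInputs. Passing it explicitly, `if (!validateURL(strURL, strErr, 64))`, keeps the RPC-side limit from changing silently if the default is ever edited. A one-line comment above the call, such as `// scheme and length check only; strURL has already been through SanitizeString`, would tell readers what the check does and does not cover. checkBudgetInputs starts and ends outside this hunk.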
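Review bot: validateURL returns true for any string of at most maxSize characters that starts with `http://` or `https://`, including a bare `https://` with nothing after it, so a true result means scheme and length only, not a well-formed URL. A comment saying so, or a check that the string is longer than the matched prefix, would keep callers from over-trusting it. In the loop, `strURL.find(reqPre[i]) == 0` searches the whole string when only the start matters; `strURL.compare(0, reqPre[i].size(), reqPre[i]) == 0` tests just the prefix. `int i` is compared against the unsigned `reqPre.size()`, and the `reqPre.size() > 0` clause is always true after the two push_back calls. `strURL` is only read, so `const std::string&` would avoid the copy, with the declaration in utilstrencodings.h changed to match.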
@@ -40,6 +40,16 @@ enum SafeChars
 * @return A new string without unsafe chars
 */
 std::string SanitizeString(const std::string& str, int rule = SAFE_CHARS_DEFAULT);
+
+/**
+* Check URL format for conformance for validity to a defined pattern
+* @param[in] strURL The string to be processed for validity
+* @param[in] stdErr A string that will be loaded with any validation error message
+* @param[in] maxSize An unsigned int, defaulted to 64, to restrict the length
+* @return A bool, true if valid, false if not (reason in stdErr)
+*/
+bool validateURL(std::string strURL, std::string& strErr, unsigned int maxSize = 64);
+
 std::vector ParseHex(const char* psz);
 std::vector ParseHex(const std::string& str);
 signed char HexDigit(char c);
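Review bot: The doc comment names the second parameter `stdErr`, but the declaration calls it `strErr`, and the function writes to it, so the accurate tag is `@param[out] strErr`; the `@return` line repeats the `stdErr` slip. The summary line would be more useful if it stated what is actually checked, for example `Check that a URL is at most maxSize characters and starts with http:// or https://`, instead of "a defined pattern". That way a caller reading only the header knows the function does not vouch for the host or path.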