From b71d53c1a8d3780b2d16e0bf039b5d7e61c495d8 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Mon, 17 Mar 2025 15:10:19 +0100
Subject: [PATCH] post.php: validate embed url
---
 post.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/post.php b/post.php
index 27a45413..8f229135 100644
--- a/post.php
+++ b/post.php
@@ -953,7 +953,11 @@ function handle_post(Context $ctx)
 // Check for an embed field
 if ($config['enable_embedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) {
 // yep; validate it
- $value = $_POST['embed'];
+ $value = \trim($_POST['embed']);
+ if (\filter_var($value, \FILTER_VALIDATE_URL) === false) {
+ error($config['error']['invalid_embed']);
+ }
+
 foreach ($config['embedding'] as &$embed) {
 if (preg_match($embed[0], $value)) {
 // Valid link
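Review bot: `\FILTER_VALIDATE_URL` in the added `filter_var` check validates URL syntax only and accepts any scheme, so a non-HTTP(S) value still passes this guard and is left to the `$config['embedding']` patterns, which are defined outside this hunk. If embeds are only ever meant to be web links, restrict the scheme in the same condition, e.g. `if (\filter_var($value, \FILTER_VALIDATE_URL) === false || !\in_array(\strtolower((string) \parse_url($value, \PHP_URL_SCHEME)), ['http', 'https'], true)) {`. Separately, `isset()`/`!empty()` in the enclosing `if` also admit an array-valued `embed`, and `\trim()` on an array throws a `TypeError` on PHP 8; adding `\is_string($_POST['embed'])` to that condition would keep such requests from reaching the trim. `handle_post` starts and ends outside the hunk, so how `$value` is used after the loop cannot be confirmed from here.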