From 10b178c8ee08a68ef8c29f33b500e4e969478a2a Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Thu, 28 Jan 2021 21:23:15 -0700
Subject: [PATCH] Update SiteController, use url validator in redirect endpoint

---
 app/Http/Controllers/SiteController.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/Http/Controllers/SiteController.php b/app/Http/Controllers/SiteController.php
index c93a5e68f..01c212717 100644
--- a/app/Http/Controllers/SiteController.php
+++ b/app/Http/Controllers/SiteController.php
@@ -9,6 +9,7 @@ use App\Util\Lexer\PrettyNumber;
 use App\{Follower, Page, Profile, Status, User, UserFilter};
 use App\Util\Localization\Localization;
 use App\Services\FollowerService;
+use App\Util\ActivityPub\Helpers;
 
 class SiteController extends Controller
 {
@@ -112,6 +113,7 @@ class SiteController extends Controller
             'url' => 'required|url'
         ]);
         $url = request()->input('url');
+        abort_if(Helpers::validateUrl($url) == false, 404);
         return view('site.redirect', compact('url'));
     }