Sanitize links before storing them

src/Content/Text/BBCode.php

@@ -41,6 +41,7 @@ use Friendica\Model\Tag;
 use Friendica\Network\HTTPClient\Client\HttpClientAccept;
 use Friendica\Network\HTTPClient\Client\HttpClientOptions;
 use Friendica\Util\Map;
+use Friendica\Util\Network;
 use Friendica\Util\ParseUrl;
 use Friendica\Util\Proxy;
 use Friendica\Util\Strings;
@@ -434,7 +435,7 @@ class BBCode
 			return $text;
 		}
 
-		$data['url'] = self::sanitizeLink($data['url']);
+		$data['url'] = Network::sanitizeUrl($data['url']);
 
 		if (isset($data['title'])) {
 			$data['title'] = strip_tags($data['title']);
@@ -487,7 +488,7 @@ class BBCode
 			}
 
 			if (!empty($data['provider_url']) && !empty($data['provider_name'])) {
-				$data['provider_url'] = self::sanitizeLink($data['provider_url']);
+				$data['provider_url'] = Network::sanitizeUrl($data['provider_url']);
 				if (!empty($data['author_name'])) {
 					$return .= sprintf('<sup><a href="%s" target="_blank" rel="noopener noreferrer">%s (%s)</a></sup>', $data['provider_url'], $data['author_name'], $data['provider_name']);
 				} else {
@@ -1067,29 +1068,6 @@ class BBCode
 		return $text;
 	}
 
-	/**
-	 * Remove invalid parts from an URL
-	 *
-	 * @param string $url
-	 * @return string sanitized URL
-	 */
-	private static function sanitizeLink(string $url): string
-	{
-		$sanitzed = $url = trim($url);
-
-		foreach (['"', ' '] as $character) {
-			$pos = strpos($sanitzed, $character);
-			if ($pos !== false) {
-				$sanitzed = trim(substr($sanitzed, 0, $pos));
-			}
-		}
-
-		if ($sanitzed != $url) {
-			Logger::debug('Link got sanitized', ['url' => $url, 'sanitzed' => $sanitzed]);
-		}
-		return $sanitzed;
-	}
-
 	/**
 	 * Callback: Sanitize links from given $match array
 	 *
@@ -1099,9 +1077,9 @@ class BBCode
 	private static function sanitizeLinksCallback(array $match): string
 	{
 		if (count($match) == 3) {
-			return '[' . $match[1] . ']' . self::sanitizeLink($match[2]) . '[/' . $match[1] . ']';
+			return '[' . $match[1] . ']' . Network::sanitizeUrl($match[2]) . '[/' . $match[1] . ']';
 		} else {
-			return '[' . $match[1] . '=' . self::sanitizeLink($match[2]) . ']' . $match[3] . '[/' . $match[1] . ']';
+			return '[' . $match[1] . '=' . Network::sanitizeUrl($match[2]) . ']' . $match[3] . '[/' . $match[1] . ']';
 		}
 	}
 

src/Model/Post/Link.php

@@ -31,6 +31,7 @@ use Friendica\Util\HTTPSignature;
 use Friendica\Util\Images;
 use Friendica\Util\Proxy;
 use Friendica\Object\Image;
+use Friendica\Util\Network;
 
 /**
  * Class Link
@@ -77,7 +78,7 @@ class Link
 		} else {
 			$fields = self::fetchMimeType($url);
 			$fields['uri-id'] = $uriId;
-			$fields['url'] = $url;
+			$fields['url'] = Network::sanitizeUrl($url);
 
 			DBA::insert('post-link', $fields, Database::INSERT_IGNORE);
 			$id = DBA::lastInsertId();

src/Model/Post/Media.php

@@ -96,6 +96,7 @@ class Media
 			return false;
 		}
 
+		$media['url'] = Network::sanitizeUrl($media['url']);
 		$media = self::unsetEmptyFields($media);
 		$media = DI::dbaDefinition()->truncateFieldsForTable('post-media', $media);
 

src/Util/Network.php

@@ -659,6 +659,29 @@ class Network
 		return !empty($scheme) && in_array($scheme, ['http', 'https']) && parse_url($url, PHP_URL_HOST);
 	}
 
+	/**
+	 * Remove invalid parts from an URL
+	 *
+	 * @param string $url
+	 * @return string sanitized URL
+	 */
+	public static function sanitizeUrl(string $url): string
+	{
+		$sanitized = $url = trim($url);
+
+		foreach (['"', ' '] as $character) {
+			$pos = strpos($sanitized, $character);
+			if ($pos !== false) {
+				$sanitized = trim(substr($sanitized, 0, $pos));
+			}
+		}
+
+		if ($sanitized != $url) {
+			Logger::debug('Link got sanitized', ['url' => $url, 'sanitzed' => $sanitized]);
+		}
+		return $sanitized;
+	}
+
 	/**
 	 * Creates an Uri object out of a given Uri string
 	 *