From 572f31a5bd5b14b7ebe2d9e9ed50382b988f8d5d Mon Sep 17 00:00:00 2001
From: Dan Stillman <dstillman@zotero.org>
Date: Mon, 17 Dec 2007 21:53:26 +0000
Subject: [PATCH] Addresses #821, Validate URL in linkFromURL() before calling
 doHead()

Not fixing this in the attachments layer -- even if I corrected URLs in the attachments layer, the translation layer would still revert them to the original. Instead, importFromURL() and linkFromURL() will now just throw an explicit error if passed an invalid URL.
---
 chrome/content/zotero/xpcom/attachments.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/chrome/content/zotero/xpcom/attachments.js b/chrome/content/zotero/xpcom/attachments.js
index a6d44c4d4..f58983883 100644
--- a/chrome/content/zotero/xpcom/attachments.js
+++ b/chrome/content/zotero/xpcom/attachments.js
@@ -174,6 +174,13 @@ Zotero.Attachments = new function(){
 	function importFromURL(url, sourceItemID, forceTitle, forceFileBaseName, parentCollectionIDs){
 		Zotero.debug('Importing attachment from URL');
 		
+		// Throw error on invalid URLs
+		urlRe = /^https?:\/\/[^\s]*$/;
+		var matches = urlRe.exec(url);
+		if (!matches) {
+			throw ("Invalid URL '" + url + "' in Zotero.Attachments.importFromURL()");
+		}
+		
 		Zotero.Utilities.HTTP.doHead(url, function(obj){
 			var mimeType = obj.channel.contentType;
 			
@@ -343,6 +350,13 @@ Zotero.Attachments = new function(){
 	function linkFromURL(url, sourceItemID, mimeType, title){
 		Zotero.debug('Linking attachment from URL');
 		
+		// Throw error on invalid URLs
+		urlRe = /^https?:\/\/[^\s]*$/;
+		var matches = urlRe.exec(url);
+		if (!matches) {
+			throw ("Invalid URL '" + url + "' in Zotero.Attachments.linkFromURL()");
+		}
+		
 		// If no title provided, figure it out from the URL
 		if (!title){
 			title = url.substring(url.lastIndexOf('/')+1);