Validate the website field input to be a valid URL

Signed-off-by: Joas Schilling <coding@schilljs.com>

Author: nickvergessen

apps/settings/lib/Controller/UsersController.php

@@ -496,6 +496,9 @@ protected function saveUserSettings(IUser $user, array $data): array {
 			if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
 				throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
 			}
+			if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
+				throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
+			}
 			throw new \InvalidArgumentException($this->l10n->t('Some account data was invalid'));
 		}
 	}

lib/private/Accounts/AccountManager.php

@@ -144,6 +144,15 @@ public function updateUser(IUser $user, array $data, bool $throwOnData = false):
 			}
 		}
 
+		if (isset($data[self::PROPERTY_WEBSITE])
+			&& $data[self::PROPERTY_WEBSITE]['value'] !== ''
+			&& filter_var($data[self::PROPERTY_WEBSITE]['value'], FILTER_VALIDATE_URL) === false) {
+			if ($throwOnData) {
+				throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
+			}
+			$data[self::PROPERTY_WEBSITE]['value'] = '';
+		}
+
 		if (empty($userData)) {
 			$this->insertNewUser($user, $data);
 		} elseif ($userData !== $data) {