From 8b62b68860a9811af8f7d654e4e0f82c2029726d Mon Sep 17 00:00:00 2001
From: Johan Cwiklinski <jcwiklinski@teclib.com>
Date: Fri, 10 Jul 2020 07:25:28 +0200
Subject: [PATCH 1/2] Wrong invalid URL check; closes #7642

---
 inc/toolbox.class.php   | 2 +-
 tests/units/Toolbox.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/inc/toolbox.class.php b/inc/toolbox.class.php
index b0c391fff31..c0fdded6c6c 100644
--- a/inc/toolbox.class.php
+++ b/inc/toolbox.class.php
@@ -3461,7 +3461,7 @@ public static function isAPIDeprecated(string $class): bool {
     */
    public static function isValidWebUrl($url): bool {
       return (preg_match(
-         '#^http[s]?://[a-z0-9\-_]+(\.([a-z0-9\-]+\.)?[a-z]+)?(:\d+)?(/.*)?$#i',
+         '#^http[s]?://[a-z0-9\-_]+(\.([a-z0-9\-\.]+\.)?[a-z]+)?(:\d+)?(/.*)?$#i',
          $url
       ) === 1);
    }
diff --git a/tests/units/Toolbox.php b/tests/units/Toolbox.php
index 29f0ef1d8e5..8011783fbf8 100644
--- a/tests/units/Toolbox.php
+++ b/tests/units/Toolbox.php
@@ -909,6 +909,7 @@ protected function urlProvider() {
          ['http://my.host.com:8080 /', false],
          ['http://my.host.com: 8080/', false],
          ['http://my.host.com :8080/', false],
+         ['http://helpdesk.global.glpi-project.org', true]
       ];
    }
 

From 5c74c0032a82677f163637671784b4a096765773 Mon Sep 17 00:00:00 2001
From: Johan Cwiklinski <trasher@x-tnd.be>
Date: Fri, 10 Jul 2020 10:41:15 +0200
Subject: [PATCH 2/2] Improve URL checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Cédric Anne <cedric.anne@gmail.com>
---
 inc/toolbox.class.php   | 2 +-
 tests/units/Toolbox.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/inc/toolbox.class.php b/inc/toolbox.class.php
index c0fdded6c6c..676cae01cb1 100644
--- a/inc/toolbox.class.php
+++ b/inc/toolbox.class.php
@@ -3461,7 +3461,7 @@ public static function isAPIDeprecated(string $class): bool {
     */
    public static function isValidWebUrl($url): bool {
       return (preg_match(
-         '#^http[s]?://[a-z0-9\-_]+(\.([a-z0-9\-\.]+\.)?[a-z]+)?(:\d+)?(/.*)?$#i',
+         '#^http[s]?://[a-z0-9\-_]+(\.([a-z0-9\-]+\.)*[a-z]+)?(:\d+)?(/.*)?$#i',
          $url
       ) === 1);
    }
diff --git a/tests/units/Toolbox.php b/tests/units/Toolbox.php
index 8011783fbf8..9ec2f7af3a4 100644
--- a/tests/units/Toolbox.php
+++ b/tests/units/Toolbox.php
@@ -909,7 +909,8 @@ protected function urlProvider() {
          ['http://my.host.com:8080 /', false],
          ['http://my.host.com: 8080/', false],
          ['http://my.host.com :8080/', false],
-         ['http://helpdesk.global.glpi-project.org', true]
+         ['http://helpdesk.global.glpi-project.org', true],
+         ['http://dev.helpdesk.global.glpi-project.org', true],
       ];
    }