From 4a97690f7842f3a6ecc20e085bf0d62ae7288b61 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 9 Feb 2021 13:59:00 +0100
Subject: [PATCH] Add a check on syntax of hostname for email colector
---
 .../class/emailcollector.class.php | 18 ++++++++++++++++++
 htdocs/langs/en_US/errors.lang | 1 +
 2 files changed, 19 insertions(+)
diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php
index b01f1883d53..3d07d52506b 100644
--- a/htdocs/emailcollector/class/emailcollector.class.php
+++ b/htdocs/emailcollector/class/emailcollector.class.php
@@ -251,6 +251,15 @@ class EmailCollector extends CommonObject
 */
 public function create(User $user, $notrigger = false)
 {
+ global $langs;
+
+ // Check parameters
+ if ($this->host && preg_match('/^http:/i', trim($this->host))) {
+ $langs->load("errors");
+ $this->error = $langs->trans("ErrorHostMustNotStartWithHttp", $this->host);
+ return -1;
+ }
+
 $id = $this->createCommon($user, $notrigger);
 if (is_array($this->filters) && count($this->filters)) {
@@ -449,6 +458,15 @@ class EmailCollector extends CommonObject
 */
 public function update(User $user, $notrigger = false)
 {
+ global $langs;
+
+ // Check parameters
+ if ($this->host && preg_match('/^http:/i', trim($this->host))) {
+ $langs->load("errors");
+ $this->error = $langs->trans("ErrorHostMustNotStartWithHttp", $this->host);
+ return -1;
+ }
+
 return $this->updateCommon($user, $notrigger);
 }
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index baf04bbe4b8..545fcdb62fb 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
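Review bot: The pattern `/^http:/i` in the guard added to create() does not match a value that begins with `https:`, although the new ErrorHostMustNotStartWithHttp message says both schemes are refused, so an `https://…` host is still accepted and stored. Changing the test to `preg_match('/^https?:/i', trim($this->host))` makes the code agree with the message. The identical check added in the update() hunk has the same gap. create()'s body continues past the end of the hunk.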
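Review bot: The guard added to update() is a verbatim copy of the one in create(), and it is a deny-list for one prefix rather than the hostname syntax check the commit title describes, so other malformed values (other schemes, path separators, embedded whitespace) are still saved. If host is later placed into a mail connection string (not visible in this diff), validating it against an allow-list of hostname characters in one private helper called from both methods would be safer and would remove the duplication. The pattern below is a sketch that would need extending if IPv6 literals or other forms are legitimate here, and the error text would need a more general wording than the existing key.

```php
/**
 * Check that $this->host is a bare host name or IPv4 address (no scheme, path or spaces).
 *
 * @return int <0 if KO (message set in $this->error), >0 if OK
 */
private function checkHostSyntax()
{
	global $langs;

	$host = trim((string) $this->host);
	// Allow-list: letters, digits, dots and hyphens only; an empty host is left to other checks.
	if ($host !== '' && !preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\z/i', $host)) {
		$langs->load("errors");
		$this->error = $langs->trans("ErrorHostMustNotStartWithHttp", $this->host);
		return -1;
	}

	return 1;
}

public function update(User $user, $notrigger = false)
{
	if ($this->checkHostSyntax() < 0) {
		return -1;
	}
	// … unchanged: return $this->updateCommon($user, $notrigger); …
	// … create() calls checkHostSyntax() the same way before createCommon() …
```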
@@ -227,6 +227,7 @@ ErrorDuringChartLoad=Error when loading chart of accounts. If few accounts were
 ErrorBadSyntaxForParamKeyForContent=Bad syntax for param keyforcontent. Must have a value starting with %s or %s
 ErrorVariableKeyForContentMustBeSet=Error, the constant with name %s (with text content to show) or %s (with external url to show) must be set.
 ErrorURLMustStartWithHttp=URL %s must start with http:// or https://
+ErrorHostMustNotStartWithHttp=Host name %s must NOT start with http:// or https://
 ErrorNewRefIsAlreadyUsed=Error, the new reference is already used
 ErrorDeletePaymentLinkedToAClosedInvoiceNotPossible=Error, delete payment linked to a closed invoice is not possible.
 ErrorSearchCriteriaTooSmall=Search criteria too small.