diff --git a/src/Model/Table/UserSettingsTable.php b/src/Model/Table/UserSettingsTable.php
index bdfe535..cc4b5db 100644
--- a/src/Model/Table/UserSettingsTable.php
+++ b/src/Model/Table/UserSettingsTable.php
@@ -135,4 +135,18 @@ class UserSettingsTable extends AppTable
 }
 return $result;
 }
+
+ /**
+ * validURI - Ensure the provided URI can be safely put as a link
+ *
+ * @param String $uri
+ * @return bool if the URI is safe to be put as a link
+ */
+ public function validURI(String $uri): bool
+ {
+ $parsed = parse_url($uri);
+ $isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);
+ $isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);
+ return $isLocalPath || $isValidURL;
+ }
 }
diff --git a/templates/Instance/home.php b/templates/Instance/home.php
index 6d91266..e5803c2 100644
--- a/templates/Instance/home.php
+++ b/templates/Instance/home.php
@@ -1,5 +1,9 @@
 user_settings_by_name['ui.bookmarks']['value']) ? json_decode($loggedUser->user_settings_by_name['ui.bookmarks']['value'], true) : [];
+$this->userSettingsTable = TableRegistry::getTableLocator()->get('UserSettings'); ?>
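Review bot: `$parsed['domain']` in the `$isLocalPath` test of `validURI()` is never set, because `parse_url()` reports the authority under the `host` key, so a scheme-relative URI (`//host/path`) has no scheme, no `domain` and a non-empty path and is accepted as a "local path" even though a browser will follow it to another origin. `filter_var($uri, FILTER_SANITIZE_URL)` on the next line is a sanitiser that strips disallowed characters and returns whatever remains, so it is truthy for nearly any input and validates nothing; `FILTER_VALIDATE_URL` is the validating filter. Suggested lines: `$isLocalPath = empty($parsed['scheme']) && empty($parsed['host']) && !empty($parsed['path']);` and `$isValidURL = !empty($parsed['scheme']) && in_array(strtolower($parsed['scheme']), ['http', 'https'], true) && filter_var($uri, FILTER_VALIDATE_URL) !== false;`, plus an explicit `if ($parsed === false) { return false; }` right after `parse_url()`, which returns `false` for seriously malformed input. The `strtolower` covers mixed-case schemes, which I believe `parse_url()` leaves as written, and `strict: true` on `in_array` is the project-wide convention worth keeping here. The parameter type should be the lowercase scalar `string`, and the `@param String $uri` docblock line can then be dropped since it only restates the native type.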
= __('No bookmarks') ?>