From 6f31082a711d411d2c4ea70922d8879973e4355d Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 17 Sep 2024 07:57:25 +0200
Subject: [PATCH] fix: [bookmarks] added more error handling for malformed
 bookmarks

---
 src/Model/Table/UserSettingsTable.php | 10 +++++++---
 templates/Instance/home.php           |  6 +++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/Model/Table/UserSettingsTable.php b/src/Model/Table/UserSettingsTable.php
index cc4b5db..81cec2c 100644
--- a/src/Model/Table/UserSettingsTable.php
+++ b/src/Model/Table/UserSettingsTable.php
@@ -144,9 +144,13 @@ class UserSettingsTable extends AppTable
      */
     public function validURI(String $uri): bool
     {
-        $parsed = parse_url($uri);
-        $isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);
-        $isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);
+        try {
+            $parsed = parse_url($uri);
+            $isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);
+            $isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);
+        } catch (\Exception $e) {
+            return false;
+        }
         return $isLocalPath || $isValidURL;
     }
 }
diff --git a/templates/Instance/home.php b/templates/Instance/home.php
index 814e294..aa5c845 100644
--- a/templates/Instance/home.php
+++ b/templates/Instance/home.php
@@ -18,16 +18,16 @@ $this->userSettingsTable = TableRegistry::getTableLocator()->get('UserSettings')
         <ul class="col-sm-12 col-md-10 col-l-8 col-xl-8 mb-3">
             <?php foreach ($bookmarks as $bookmark) : ?>
                 <li class="list-group-item">
-                    <?php if ($this->userSettingsTable->validURI($bookmark['url'])): ?>
+                    <?php if (!empty($bookmark['url']) && $this->userSettingsTable->validURI($bookmark['url'])): ?>
                         <a href="<?= h($bookmark['url']) ?>" class="w-bold">
                             <?= h($bookmark['label']) ?>
                         </a>
                     <?php else: ?>
                         <span class="w-bold">
-                            <?= h($bookmark['url']) ?>
+                            <?= !empty($bookmark['url']) ? h($bookmark['url']) : '' ?>
                         </span>
                     <?php endif; ?>
-                    <span class="ms-3 fw-light"><?= h($bookmark['name']) ?></span>
+                    <span class="ms-3 fw-light"><?= !empty($bookmark['name']) ? h($bookmark['name']): '' ?></span>
                 </li>
             <?php endforeach; ?>
         </ul>