From a1ba1478a420dce1506cba056dffea741dbd1569 Mon Sep 17 00:00:00 2001
From: veganedge
Date: Tue, 11 Feb 2025 05:35:47 -0800
Subject: [PATCH] adding filetype validation to the image URL inputs and the thumbnail URL input
---
 app/http/endpoints/api/panel/validation.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/http/endpoints/api/panel/validation.go b/app/http/endpoints/api/panel/validation.go
index 57e87e3..d9df7e2 100644
--- a/app/http/endpoints/api/panel/validation.go
+++ b/app/http/endpoints/api/panel/validation.go
@@ -167,12 +167,12 @@ func validateEmoji(c PanelValidationContext) validation.ValidationFunc {
 }
 }
-var urlRegex = regexp.MustCompile(`^https?://([-a-zA-Z0-9@:%._+~#=]{1,256})\.[a-zA-Z0-9()]{1,63}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)$`)
+var urlRegex = regexp.MustCompile(`^https?://([-a-zA-Z0-9@:%._+~#=]{1,256})\.[a-zA-Z0-9()]{1,63}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*\.(?:gif|jpg|jpeg|png|webp))$`)
 func validateNullableUrl(url *string) validation.ValidationFunc {
 return func() error {
 if url != nil && (len(*url) > 255 || !urlRegex.MatchString(*url)) {
- return validation.NewInvalidInputError("Invalid URL")
+ return validation.NewInvalidInputError("Invalid image URL. Must end with .gif, .jpg, .jpeg, .png, or .webp")
 }
 return nil
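Review bot: The extension requirement added to `urlRegex` is anchored to the end of the whole URL, not to the path, and the tail character class still admits `?`, `#`, `&` and `=`. A constructed value such as `https://host.example/page?x=.png` therefore passes, while a genuine image URL with a query string after the extension (`.../a.png?size=256`) or an upper-case suffix (`.PNG`) is rejected. A suffix also says nothing about what the server actually returns, so this is input hygiene rather than content validation. If the aim is to constrain the path, keep the previous general pattern and add a separate check on the parsed URL, as sketched below (it needs `net/url`, `path` and `strings`). `validateNullableUrl` keeps its generic name but now rejects every non-image link, so confirm that no caller outside this hunk passes other kinds of URL; the same regex also backs the `ImageUrl` and `ThumbnailUrl` checks in the second hunk.

```go
// allowedImageExt lists the path suffixes accepted for image and thumbnail URLs.
var allowedImageExt = map[string]struct{}{
	".gif": {}, ".jpg": {}, ".jpeg": {}, ".png": {}, ".webp": {},
}

// isImageURL reports whether raw is an http(s) URL whose path, ignoring the
// query string and fragment, ends in an allowed image extension.
func isImageURL(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return false
	}
	_, ok := allowedImageExt[strings.ToLower(path.Ext(u.Path))]
	return ok
}
```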
@@ -361,13 +361,13 @@ func validateEmbed(e *types.CustomEmbed) error {
 if e == nil || e.Title != nil || e.Description != nil || len(e.Fields) > 0 || e.ImageUrl != nil || e.ThumbnailUrl != nil {
 if e.ImageUrl != nil && (len(*e.ImageUrl) > 255 || !urlRegex.MatchString(*e.ImageUrl)) {
 if *e.ImageUrl != "%avatar_url%" {
- return validation.NewInvalidInputError("Invalid URL")
+ return validation.NewInvalidInputError("Invalid image URL. Must end with .gif, .jpg, .jpeg, .png, or .webp")
 }
 }
 if e.ThumbnailUrl != nil && (len(*e.ThumbnailUrl) > 255 || !urlRegex.MatchString(*e.ThumbnailUrl)) {
 if *e.ThumbnailUrl != "%avatar_url%" {
- return validation.NewInvalidInputError("Invalid URL")
+ return validation.NewInvalidInputError("Invalid image URL. Must end with .gif, .jpg, .jpeg, .png, or .webp")
 }
 }
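Review bot: The first context line opens with `if e == nil || ...` and the body then reads `e.ImageUrl`, so a nil embed would panic on request input unless an earlier guard in validateEmbed, outside this hunk, has already returned; `e != nil && (...)` looks like the intended condition. The new message is also returned when the only failure is `len(...) > 255`, which sends the user to fix the extension when the length is the problem. Either split the two conditions or word the message to cover both. The literal now appears three times across both hunks and repeats the extension list held in `urlRegex`, so a package-level constant next to the pattern would keep them from drifting apart.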