From 5d6db5aea5094796170ad05c342ca70424ce0d75 Mon Sep 17 00:00:00 2001
From: Marek Baczynski
Date: Wed, 17 Oct 2018 14:15:00 +0200
Subject: [PATCH] Some basic URL validation
---
 qr-labels.py | 6 +++++-
 templates/editlink.html | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/qr-labels.py b/qr-labels.py
index 600f316..7ddcaf7 100644
--- a/qr-labels.py
+++ b/qr-labels.py
@@ -4,8 +4,8 @@ from PIL import Image, ImageFont, ImageDraw
 import qrcode
 from io import BytesIO
 import json, random, re, string
-app = Flask(__name__)
+app = Flask(__name__)
 systemURL = 'http://192.168.0.11:5000/'
 randomchars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ123456789' #note the lack of zero
@@ -70,6 +70,10 @@ def edit():
 if url is None:
 return render_template('editlink.html', code=code)
 #Saving the link:
+ if url.lower().startswith('https://') is False and url.lower().startswith('http://') is False:
+ return render_template('message.html', message="Only http:// and https:// links alowed. Plz fix your link!")
+ if len(url)>1000:
+ return render_template('message.html', message="This link is too long! It probably contains tracking data or other crap. Please find a shorter link.")
 links[code]['url']=url
 saveFile()
 return render_template('success.html')
diff --git a/templates/editlink.html b/templates/editlink.html
index ed16532..9cda40a 100644
--- a/templates/editlink.html
+++ b/templates/editlink.html
@@ -6,7 +6,7 @@ QR-code:
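Review bot: The scheme test added in edit() only looks at the first characters of `url`, so a value such as `http://` with no host, or anything else that merely begins with the right prefix, is still written to `links[code]['url']`. Since the stored value is presumably handed back to whoever scans the label (that code is outside this hunk), parse it rather than prefix-match it: `parts = urlsplit(url)` followed by `if parts.scheme not in ('http', 'https') or not parts.netloc:`, with `from urllib.parse import urlsplit` at the top of the file and a `ValueError` from `urlsplit` treated as a rejection. The `is False` comparisons would also read better as `not url.lower().startswith(('http://', 'https://'))`, and the user-facing message has a typo (`alowed`). edit() starts and ends outside the hunk, so whether `url` is stripped or can be an empty string before it reaches this check is not visible here.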

URL:
-
+
{% endblock %}
\ No newline at end of file