Merge pull request #114 from TtuxX/patch-3

Fix http / https protocol requirement.

controller/lib/bookmarks.php

@@ -428,11 +428,13 @@ class Bookmarks {
 	 */
 	public static function addBookmark($userid, IDb $db, $url, $title, $tags = array(), $description = '', $is_public = false) {
 		$public = $is_public ? 1 : 0;
+		$url_without_prefix = substr($url, strpos($url, "://") + 3); // Removes everything from the url before the "://" pattern (included)
+		$enc_url_noprefix = htmlspecialchars_decode($url_without_prefix);
 		$enc_url = htmlspecialchars_decode($url);
 		// Change lastmodified date if the record if already exists
-		$sql = "SELECT * from  `*PREFIX*bookmarks` WHERE `url` = ? AND `user_id` = ?";
+		$sql = "SELECT * from  `*PREFIX*bookmarks` WHERE `url` like ? AND `user_id` = ?";
 		$query = $db->prepareQuery($sql, 1);
-		$result = $query->execute(array($enc_url, $userid));
+		$result = $query->execute(array('%'.$enc_url_noprefix, $userid)); // Find url in the db independantly from its protocol
 		if ($row = $result->fetchRow()) {
 			$params = array();
 			$title_str = '';
@@ -446,8 +448,9 @@ class Bookmarks {
 				$params[] = $description;
 			}
 			$sql = "UPDATE `*PREFIX*bookmarks` SET `lastmodified` = "
-					. "UNIX_TIMESTAMP() $title_str $desc_str WHERE `url` = ? and `user_id` = ?";
+					. "UNIX_TIMESTAMP() $title_str $desc_str , `url` = ? WHERE `url` like ? and `user_id` = ?";
 			$params[] = $enc_url;
+			$params[] = '%'.$enc_url_noprefix;
 			$params[] = $userid;
 			$query = $db->prepareQuery($sql);
 			$query->execute($params);

controller/rest/bookmarkcontroller.php

@@ -68,19 +68,40 @@ class BookmarkController extends ApiController {
 	 */
 	public function newBookmark($url = "", $item = array(), $from_own = 0, $title = "", $is_public = false, $description = "") {
 
-		// Check if it is a valid URL
+		if ($from_own == 0) {
+			// allow only http(s) and (s)ftp
+			$protocols = '/^(https?|s?ftp)\:\/\//i';
+			if (preg_match($protocols, $url)) {
+				$datas = Bookmarks::getURLMetadata($url);
+			// if not (allowed) protocol is given, assume http and https (and fetch both)
+			} else { 
+				// append https to url and fetch it
+				$url_https = 'https://' . $url;
+				$datas_https = Bookmarks::getURLMetadata($url_https);
+				// append http to url and fetch it
+				$url_http = 'http://' . $url;
+				$datas_http = Bookmarks::getURLMetadata($url_http);
+			}
+			
+			if (isset($datas['title'])) { // prefer original url if working
+				$title = $datas['title'];
+				//url remains unchanged
+			} elseif (isset($datas_https['title'])) { // test if https works
+				$title = $datas_https['title'];
+				$url = $url_https;
+			} elseif (isset($datas_http['title'])) { // otherwise test http for results
+				$title = $datas_http['title'];
+				$url = $url_http;
+			}
+		}
+
+		// Check if it is a valid URL (after adding http(s) prefix)
 		if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
 			return new JSONResponse(array('status' => 'error'), Http::STATUS_BAD_REQUEST);
 		}
 
 		$tags = isset($item['tags']) ? $item['tags'] : array();
 
-		if ($from_own == 0) {
-			$datas = Bookmarks::getURLMetadata($url);
-			if (isset($datas['title'])) {
-				$title = $datas['title'];
-			}
-		}
 		$id = Bookmarks::addBookmark($this->userId, $this->db, $url, $title, $tags, $description, $is_public);
 		$bm = Bookmarks::findUniqueBookmark($id, $this->userId, $this->db);
 		return new JSONResponse(array('item' => $bm, 'status' => 'success'));