From e80d616ef4397e6e764f6b7b7a5b30121244933c Mon Sep 17 00:00:00 2001
From: James Cole
Date: Fri, 2 Aug 2019 17:05:54 +0200
Subject: [PATCH] Fix #2367
---
 .../FinTS/NewFinTSJobHandler.php | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/app/Support/Import/JobConfiguration/FinTS/NewFinTSJobHandler.php b/app/Support/Import/JobConfiguration/FinTS/NewFinTSJobHandler.php
index 2c688158e0..51da2ed0f0 100644
--- a/app/Support/Import/JobConfiguration/FinTS/NewFinTSJobHandler.php
+++ b/app/Support/Import/JobConfiguration/FinTS/NewFinTSJobHandler.php
@@ -60,6 +60,9 @@ class NewFinTSJobHandler implements FinTSConfigurationInterface
 $config['fints_password'] = (string)(Crypt::encrypt($data['fints_password']) ?? '');
 $config['apply-rules'] = 1 === (int)$data['apply_rules'];
 
+ // sanitize FinTS URL.
+ $config['fints_url'] = $this->validURI($config['fints_url']) ? $config['fints_url'] : '';
+
 $this->repository->setConfiguration($this->importJob, $config);
 
 
@@ -108,4 +111,21 @@ class NewFinTSJobHandler implements FinTSConfigurationInterface
 $this->repository->setUser($importJob->user);
 }
 
+ /**
+ * @param string $fints_url
+ *
+ * @return bool
+ */
+ private function validURI(string $fintsUri): bool
+ {
+ $res = filter_var($fintsUri, FILTER_VALIDATE_URL);
+ if (false === $res) {
+ return false;
+ }
+ $scheme = parse_url($fintsUri, PHP_URL_SCHEME);
+
+ return 'https' === $scheme;
+ }
+
+
 }
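Review bot: When `validURI` rejects the value, the added lines still store `''` through `setConfiguration` without telling the user, so a bad endpoint only surfaces later as an empty `fints_url`; the comment says "sanitize" although the code validates and blanks. I would document that in place, e.g. `// Accept only https:// FinTS endpoints; anything else is stored as '' so no connection can be attempted with it.`, and, if the enclosing method reports validation messages, add one for this field. Configurations saved before this change are not re-checked here, so the code that opens the FinTS connection should presumably apply the same check. The enclosing method starts and ends outside the hunk.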
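Review bot: `validURI` constrains only syntax and scheme, so any https host passes, including loopback, private and link-local addresses; if the server later connects to this user-supplied URL (not visible here), requests to internal services over https remain possible. A host check along the lines of the block below refuses literal addresses in private or reserved ranges, while hostnames still need an allowlist or a resolve-and-check at connection time, which this method cannot do reliably. The docblock names `$fints_url` while the parameter is `$fintsUri`; it should read `@param string $fintsUri`. The scheme comparison is case-sensitive, which fails closed for an upper-case scheme and is worth a one-line comment.

```php
    private function validURI(string $fintsUri): bool
    {
        // … unchanged: FILTER_VALIDATE_URL check …
        if ('https' !== parse_url($fintsUri, PHP_URL_SCHEME)) {
            return false;
        }
        $host = trim((string)parse_url($fintsUri, PHP_URL_HOST), '[]');
        if (false === filter_var($host, FILTER_VALIDATE_IP)) {
            // Not an IP literal: a hostname, to be checked against an allowlist or after resolution.
            return '' !== $host;
        }

        // IP literal: refuse private and reserved ranges (loopback, link-local, RFC 1918).
        return false !== filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    }
```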