From ba94bade47b16a8eec55e9b22e861c1a2b799d9a Mon Sep 17 00:00:00 2001
From: Marc Michalsky forumZFD
Date: Fri, 12 Feb 2021 09:23:21 +0100
Subject: [PATCH] validate provided url
---
 api/v3/TwingleForm/Create.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/api/v3/TwingleForm/Create.php b/api/v3/TwingleForm/Create.php
index 6244df1..49b9e39 100644
--- a/api/v3/TwingleForm/Create.php
+++ b/api/v3/TwingleForm/Create.php
@@ -46,8 +46,20 @@ function civicrm_api3_twingle_form_Create(array $params): array {
  _civicrm_api3_twingle_form_Create_spec($allowed_params);
  $params = array_intersect_key($params, $allowed_params);
 
+ // Validate url
+ if (!filter_var($params['url'], FILTER_VALIDATE_URL)) {
+ Civi::log()->error(
+ E::LONG_NAME .
+ ': invalid url was provided via TwingleForm.create',
+ $params
+ );
+ return civicrm_api3_create_error('invalid URL', $params);
+ }
+
+ // Re-create TwingleProject
  $result = civicrm_api3('TwingleProject', 'create', $params);
 
+ // Retrun results
  if ($result['is_error'] != 1) {
  return civicrm_api3_create_success(
  $result['values'],
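Review bot: `FILTER_VALIDATE_URL` in the added check tests URL syntax only and accepts any scheme, not just `http`/`https`, so a non-web URL still passes and is handed to `TwingleProject.create`. If the stored value is later rendered as a link or fetched server-side (not visible in this hunk), add a scheme allow-list next to the filter, e.g. `|| !in_array(strtolower((string) parse_url($params['url'], PHP_URL_SCHEME)), ['http', 'https'], TRUE)`. The check also reads `$params['url']` without an `isset`/`empty` guard, so a call that omits `url` raises an undefined-index notice and is now rejected; confirm that the spec marks `url` as required. The full `$params` array goes into both the log entry and the returned error, which is worth trimming to the `url` value if the form parameters can carry anything sensitive. The body of `civicrm_api3_twingle_form_Create` starts and ends outside the hunk, and the new comment `// Retrun results` should read `// Return results`.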