From 9fdd7d46c7b73462cc054986d58e2d94a43a9cf3 Mon Sep 17 00:00:00 2001
From: Coleman
Date: Thu, 7 Aug 2008 17:45:33 -0500
Subject: [PATCH] better safe url checking

---
 app/models/comment.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/app/models/comment.rb b/app/models/comment.rb
index 9db5c45..bf46ae6 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -1,6 +1,7 @@
 class Comment < ActiveRecord::Base
 belongs_to :page
 belongs_to :author
+ validate :safe_url
 
 def name
 if self.author
@@ -9,4 +10,16 @@ class Comment < ActiveRecord::Base
 self.user
 end
 end
+ 
+ private
+ 
+ def safe_url
+ return true if self.url.to_s.empty?
+ if self.url =~ /^http:\/\// and self.url !~ /[^a-zA-Z0-9\._:\-\/]/
+ true
+ else
+ self.errors.add(:url, "is not a permissible address")
+ false
+ end
+ end
 end
\ No newline at end of file
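Review bot: The `^` anchor in `/^http:\/\//` inside `safe_url` matches at the start of any line, not the start of the string; the character whitelist on the same line happens to reject a newline, so the check holds as written, but the intent is whole-string matching and `\A` states that without depending on the second regex, `if self.url =~ /\Ahttp:\/\// && self.url !~ /[^a-zA-Z0-9\._:\-\/]/`. Using `&&` in place of `and` also keeps the low-precedence form out of a boolean test. The whitelist excludes `?`, `=`, `&` and `%`, so any URL with a query string is rejected and only `http://` is accepted; if that is deliberate, a comment above `def safe_url` such as `# Only plain http:// addresses without query strings are accepted.` would stop the next reader from treating it as an oversight.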