fix Bug 65922

ONLYOFFICE · Jan 17, 2024 · 37045a7 · 37045a7
1 parent e216cef
commit 37045a7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/common/ASC.Webhooks.Core/DbWorker.cs b/common/ASC.Webhooks.Core/DbWorker.cs
@@ -84,7 +84,9 @@ public async Task<WebhooksConfig> AddWebhookConfig(string uri, string name, stri
 
         var restrictions = _configuration.GetSection("webhooks:blacklist").Get<List<string>>() ?? new List<string>();
 
-        if (Uri.TryCreate(uri, UriKind.Absolute, out var parsedUri) && restrictions.Any(r => IPAddressRange.MatchIPs(parsedUri.Host, r)))
+        if (Uri.TryCreate(uri, UriKind.Absolute, out var parsedUri) &&         
+            System.Net.IPAddress.TryParse(parsedUri.Host, out _) && 
+            restrictions.Any(r => IPAddressRange.MatchIPs(parsedUri.Host, r)))
         {
             throw new SecurityException();
         }

diff --git a/web/ASC.Web.Api/ApiModels/RequestsDto/WebhooksConfigRequestsDto.cs b/web/ASC.Web.Api/ApiModels/RequestsDto/WebhooksConfigRequestsDto.cs
@@ -42,6 +42,7 @@ public class WebhooksConfigRequestsDto
 
     /// <summary>URI</summary>
     /// <type>System.String, System</type>
+    [Url]
     public string Uri { get; set; }
 
     /// <summary>Secret key</summary>