From 742f42115f2fbd83ec757507ab10478aa6c072d7 Mon Sep 17 00:00:00 2001
From: Justin Hawkins <justin@hawkins.id.au>
Date: Fri, 10 Jun 2022 11:23:55 +0930
Subject: [PATCH] Add error checking for URL validity

---
 db/bookmarks.go | 8 ++++++++
 web/web.go      | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/db/bookmarks.go b/db/bookmarks.go
index 5192456..74456df 100644
--- a/db/bookmarks.go
+++ b/db/bookmarks.go
@@ -1,9 +1,11 @@
 package db
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"log"
+	"strings"
 	"sync"
 	"time"
 
@@ -32,6 +34,12 @@ func NewBookmarkManager(db *DB) *BookmarkManager {
 // if this bookmark already exists (based on URL match).
 // The entity.Bookmark ID field will be updated.
 func (m *BookmarkManager) AddBookmark(bm *entity.Bookmark) error {
+
+	if strings.Index(bm.URL, "https://") != 0 &&
+		strings.Index(bm.URL, "http://") != 0 {
+		return errors.New("URL must begin with http:// or https://")
+	}
+
 	existing := entity.Bookmark{}
 	err := m.db.store.FindOne(&existing, bolthold.Where("URL").Eq(bm.URL))
 	if err != bolthold.ErrNotFound {
diff --git a/web/web.go b/web/web.go
index d7f5d89..7dab75d 100644
--- a/web/web.go
+++ b/web/web.go
@@ -205,6 +205,13 @@ func Create(bmm *db.BookmarkManager, cmm *db.ConfigManager) *Server {
 			"bm":    bm,
 			"error": err,
 		}
+
+		if err != nil {
+			data["url"] = url
+			data["tags"] = tags
+			data["tags_hidden"] = c.PostForm("tags_hidden")
+		}
+
 		c.HTML(http.StatusOK, "add_url_form.html", data)
 	})
 	r.POST("/add_bulk", func(c *gin.Context) {