# HG changeset patch
# User Sebastien Jodogne <s.jodogne@gmail.com>
# Date 1593090701 -7200
# Node ID da06381f3091a6678723dd6ce149beddecb6944b
# Parent  25812a487037376914f8a46e2f776649d9c3be37
backporting fix from framework branch to mainline

diff -r 25812a487037 -r da06381f3091 Core/WebServiceParameters.cpp
--- a/Core/WebServiceParameters.cpp	Thu Jun 25 08:28:11 2020 +0200
+++ b/Core/WebServiceParameters.cpp	Thu Jun 25 15:11:41 2020 +0200
@@ -43,6 +43,7 @@
 #  include "SystemToolbox.h"
 #endif
 
+#include <boost/algorithm/string/find.hpp>
 #include <cassert>
 
 namespace Orthanc
@@ -89,10 +90,19 @@
 
   void WebServiceParameters::SetUrl(const std::string& url)
   {
-    if (!Toolbox::StartsWith(url, "http://") &&
-        !Toolbox::StartsWith(url, "https://"))
+    if (boost::find_first(url, "://"))
     {
-      throw OrthancException(ErrorCode_BadFileFormat, "Bad URL: " + url);
+      // Only allow the HTTP and HTTPS protocols
+      if (!Toolbox::StartsWith(url, "http://") &&
+          !Toolbox::StartsWith(url, "https://"))
+      {
+        throw OrthancException(ErrorCode_BadFileFormat, "Bad URL: " + url);
+      }
+    }
+
+    if (url.empty())
+    {
+      throw OrthancException(ErrorCode_BadFileFormat, "Empty URL");
     }
 
     // Add trailing slash if needed