From 1b791347d8d23f05cd1d74e97abec5cea73d9483 Mon Sep 17 00:00:00 2001
From: Yohan Boniface
Date: Fri, 2 Jun 2023 22:45:13 +0200
Subject: [PATCH] Also catch InvalidURL in ajax-proxy fix #1119
---
 umap/tests/test_views.py | 11 +++++++++++
 umap/views.py | 3 +++
 2 files changed, 14 insertions(+)
diff --git a/umap/tests/test_views.py b/umap/tests/test_views.py
index a4fa8d23..2ceeee33 100644
--- a/umap/tests/test_views.py
+++ b/umap/tests/test_views.py
@@ -112,6 +112,17 @@ def test_valid_proxy_request_with_invalid_ttl(client):
 assert "X-Accel-Expires" not in response
+def test_invalid_proxy_url_should_return_400(client):
+ url = reverse("ajax-proxy")
+ params = {"url": "http://example.org/a space is invalid"}
+ headers = {
+ "HTTP_X_REQUESTED_WITH": "XMLHttpRequest",
+ "HTTP_REFERER": settings.SITE_URL,
+ }
+ response = client.get(url, params, **headers)
+ assert response.status_code == 400
+
+
 @pytest.mark.django_db
 def test_login_does_not_contain_form_if_not_enabled(client, settings):
 settings.ENABLE_ACCOUNT_LOGIN = False
diff --git a/umap/views.py b/umap/views.py
index 17c8b034..e65d26c5 100644
--- a/umap/views.py
+++ b/umap/views.py
@@ -4,6 +4,7 @@ import os
 import re
 import socket
 from datetime import date, timedelta
+from http.client import InvalidURL
 from pathlib import Path
 from urllib.error import URLError
@@ -306,6 +307,8 @@ class AjaxProxy(View):
 return HttpResponse(e.msg, status=e.code, content_type="text/plain")
 except URLError:
 return HttpResponseBadRequest("URL error")
+ except InvalidURL:
+ return HttpResponseBadRequest("Invalid URL")
 else:
 status_code = proxied_request.code
 mimetype = proxied_request.headers.get(
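Review bot: `settings.SITE_URL` is read in the new test although its signature is `(client)` only, so the name must come from a module-level import that this hunk does not show. The next test in the file takes the `settings` fixture instead, and `def test_invalid_proxy_url_should_return_400(client, settings):` would keep the two consistent and make the referer follow any per-test override. The test also pins only the space case; `http.client` raises the same `InvalidURL` for control characters in the request path, so a second parametrized value with one would cover the input class that matters most for a proxy endpoint, assuming the view's earlier validation lets it reach the opener.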
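Review bot: The new `except InvalidURL:` clause in `AjaxProxy` handles only one subclass of `http.client.HTTPException`; siblings such as `BadStatusLine` are raised on a malformed upstream response and are not wrapped in `URLError`, so a misbehaving remote host can presumably still turn a proxy request into an unhandled 500. The `try` body starts outside this hunk, so this assumes it wraps a `urlopen`-style call. A final `except HTTPException:` clause placed after the `InvalidURL` one, returning a 502 with a fixed message, would close that gap while keeping the 400 the new test expects. It may also be worth rejecting whitespace and control characters in the URL validation step before the request is built, so the proxy's own checks and the HTTP client agree on what the URL is.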