Force http/https for webhook and add error_log in index

controllers/internals/Webhook.php

@@ -27,6 +27,12 @@ class Webhook extends StandardController
      */
     public function create(int $id_user, string $url, string $type)
     {
+        //Must ensure http(s) protocole for protection against ssrf
+        if (!mb_ereg_match('^http(s?)://', $url))
+        {
+            return false;
+        }
+
         $webhook = [
             'id_user' => $id_user,
             'url' => $url,
@@ -54,6 +60,12 @@ class Webhook extends StandardController
      */
     public function update_for_user(int $id_user, int $id, string $url, string $type)
     {
+        //Must ensure http(s) protocole for protection against ssrf
+        if (!mb_ereg_match('^http(s?)://', $url))
+        {
+            return false;
+        }
+
         $datas = [
             'url' => $url,
             'type' => $type,

controllers/publics/Webhook.php

@@ -123,7 +123,7 @@ namespace controllers\publics;
             {
                 \FlashMessage\FlashMessage::push('danger', 'Impossible de créer ce webhook.');
 
-                return $this->redirect(\descartes\Router::url('webhooks', 'add'));
+                return $this->redirect(\descartes\Router::url('Webhook', 'add'));
             }
 
             \FlashMessage\FlashMessage::push('success', 'La webhook a bien été créé.');

index.php

@@ -25,6 +25,7 @@
     }
     catch (\Throwable $e)
     {
+        error_log($e);
         $controller = new \controllers\internals\HttpError();
         $controller->unknown();
     }