From 36507ea8464a3877cb8ebe699bbecd2deb10f727 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 5 Jan 2022 15:11:32 +0000
Subject: [PATCH 1/2] Minimal check for url

---
 session.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/session.py b/session.py
index 54ee7200f..0f25c932e 100644
--- a/session.py
+++ b/session.py
@@ -509,6 +509,13 @@ def download_image_any_mime_type(session, url: str,
                                  timeout_sec: int, debug: bool):
     """http GET for an image with any mime type
     """
+    # check that this looks like a url
+    if '://' not in url:
+        if debug:
+            print('WARN: download_image_any_mime_type, ' +
+                  url + ' does not look like a url')
+        return None, None
+
     mime_type = None
     content_type = None
     result = None

From 5341e5a274a517f7fd6dfbff623d267d3d5d505c Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 5 Jan 2022 15:21:44 +0000
Subject: [PATCH 2/2] Check that string looks like a url when downloading image

---
 session.py | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/session.py b/session.py
index 0f25c932e..b5d98fe47 100644
--- a/session.py
+++ b/session.py
@@ -441,12 +441,27 @@ def post_image(session, attach_image_filename: str, federation_list: [],
     return None
 
 
+def _looks_like_url(url: str) -> bool:
+    """Does the given string look like a url
+    """
+    if not url:
+        return False
+    if '.' not in url:
+        return False
+    if '://' not in url:
+        return False
+    return True
+
+
 def download_image(session, base_dir: str, url: str,
                    image_filename: str, debug: bool,
                    force: bool = False) -> bool:
     """Downloads an image with an expected mime type
     """
-    if not url:
+    if not _looks_like_url(url):
+        if debug:
+            print('WARN: download_image, ' +
+                  url + ' does not look like a url')
         return None
 
     # try different image types
@@ -510,7 +525,7 @@ def download_image_any_mime_type(session, url: str,
     """http GET for an image with any mime type
     """
     # check that this looks like a url
-    if '://' not in url:
+    if not _looks_like_url(url):
         if debug:
             print('WARN: download_image_any_mime_type, ' +
                   url + ' does not look like a url')