From 33899664ce50f7b1080b42282943944df7b3a644 Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Thu, 17 May 2018 13:21:24 +0530
Subject: [PATCH] FIX: handle bad user profile website

---
 app/models/user_profile.rb       | 5 ++++-
 spec/models/user_profile_spec.rb | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/models/user_profile.rb b/app/models/user_profile.rb
index 721d04196ab..11ebf37cb52 100644
--- a/app/models/user_profile.rb
+++ b/app/models/user_profile.rb
@@ -140,7 +140,10 @@ class UserProfile < ActiveRecord::Base
     allowed_domains = SiteSetting.user_website_domains_whitelist
     return if (allowed_domains.blank? || self.website.blank?)
 
-    domain = URI.parse(self.website).host
+    domain = begin
+      URI.parse(self.website).host
+    rescue URI::InvalidURIError
+    end
     self.errors.add :base, (I18n.t('user.website.domain_not_allowed', domains: allowed_domains.split('|').join(", "))) unless allowed_domains.split('|').include?(domain)
   end
 
diff --git a/spec/models/user_profile_spec.rb b/spec/models/user_profile_spec.rb
index 52db9059332..ee05902c3ec 100644
--- a/spec/models/user_profile_spec.rb
+++ b/spec/models/user_profile_spec.rb
@@ -71,6 +71,13 @@ describe UserProfile do
         user_profile.website = "http://discourse.org"
         expect(user_profile).to be_valid
       end
+
+      it "doesn't blow up with an invalid URI" do
+        SiteSetting.user_website_domains_whitelist = "discourse.org"
+
+        user_profile.website = 'user - https://forum.example.com/user'
+        expect { user_profile.save! }.to raise_error(ActiveRecord::RecordInvalid)
+      end
     end
 
     describe 'after save' do