From 0276cf5a02f555938a7a3e71b6ab24228b1a5fda Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov <parallel588@gmail.com>
Date: Tue, 25 Jun 2019 15:52:53 +0300
Subject: [PATCH] fix validate_url for private ip

---
 lib/pleroma/web/rich_media/helpers.ex | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index 94f56f70d..473ff800f 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@@ -8,13 +8,21 @@ defmodule Pleroma.Web.RichMedia.Helpers do
   alias Pleroma.Object
   alias Pleroma.Web.RichMedia.Parser
 
+  @private_ip_regexp ~r/(127\.)|(10\.\d+\.\d+.\d+)|(192\.168\.)
+  |(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(localhost)/
+
   defp validate_page_url(page_url) when is_binary(page_url) do
     validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
 
-    if AutoLinker.Parser.url?(page_url, scheme: true, validate_tld: validate_tld) do
-      URI.parse(page_url) |> validate_page_url
-    else
-      :error
+    cond do
+      Regex.match?(@private_ip_regexp, page_url) ->
+        :error
+
+      AutoLinker.Parser.url?(page_url, scheme: true, validate_tld: validate_tld) ->
+        URI.parse(page_url) |> validate_page_url
+
+      true ->
+        :error
     end
   end