From d87e1f626476a2a6d601b8d0f34878f6daaebabf Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Sat, 2 Nov 2024 13:40:11 -0400
Subject: [PATCH] fix: Cannot use Discord authentication if guild name looks
 like a URL, closes #7776

---
 plugins/discord/server/auth/discord.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/plugins/discord/server/auth/discord.ts b/plugins/discord/server/auth/discord.ts
index 573511d72f..9506030953 100644
--- a/plugins/discord/server/auth/discord.ts
+++ b/plugins/discord/server/auth/discord.ts
@@ -1,4 +1,5 @@
 import passport from "@outlinewiki/koa-passport";
+import { isURL } from "class-validator";
 import type {
   RESTGetAPICurrentUserGuildsResult,
   RESTGetAPICurrentUserResult,
@@ -129,10 +130,19 @@ if (env.DISCORD_CLIENT_ID && env.DISCORD_CLIENT_SECRET) {
               }
             }
 
-            /** Guild Name */
             teamName = guild.name;
             subdomain = slugify(guild.name);
 
+            /** If the guild name is a URL, use the subdomain instead – we do not allow URLs in names. */
+            if (
+              isURL(teamName, {
+                require_host: false,
+                require_protocol: false,
+              })
+            ) {
+              teamName = subdomain;
+            }
+
             /** Fetch the user's member object in the server for nickname and roles */
             const guildMember: RESTGetCurrentUserGuildMemberResult =
               await request(