Allow only HTTPS links as login URL.

This commit is contained in:
levlam 2022-05-13 14:29:32 +03:00
parent 486a32cf40
commit 8a9ea2899b

View File

@ -537,7 +537,7 @@ static Result<InlineKeyboardButton> get_inline_keyboard_button(tl_object_ptr<td_
if (user_id.is_valid()) { if (user_id.is_valid()) {
return Status::Error(400, "Link to a user can't be used in login URL buttons"); return Status::Error(400, "Link to a user can't be used in login URL buttons");
} }
auto r_url = LinkManager::check_link(button_type->url_, true); auto r_url = LinkManager::check_link(button_type->url_, true, !G()->is_test_dc());
if (r_url.is_error()) { if (r_url.is_error()) {
return Status::Error(400, PSLICE() << "Inline keyboard button login " << r_url.error().message()); return Status::Error(400, PSLICE() << "Inline keyboard button login " << r_url.error().message());
} }