From f84844f2a763264c2e4ba265e70fb376c7d938f5 Mon Sep 17 00:00:00 2001
From: Neil Lathwood <neil@lathwood.co.uk>
Date: Tue, 7 Nov 2017 15:32:09 +0000
Subject: [PATCH] fix: Better validation on callback url for Pagerduty
 integration (#7658)

---
 html/pages/settings/alerting.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/pages/settings/alerting.inc.php b/html/pages/settings/alerting.inc.php
index 14a910cb78..8bea9a55a3 100644
--- a/html/pages/settings/alerting.inc.php
+++ b/html/pages/settings/alerting.inc.php
@@ -248,7 +248,7 @@ if (isset($vars['del_pagerduty']) && $vars['del_pagerduty'] == true && is_admin(
 
 $config_groups = get_config_by_group('alerting');
 
-if (isset($config['base_url'])) {
+if (isset($config['base_url']) && filter_var($config['base_url'].'/'.$_SERVER['REQUEST_URI'], FILTER_VALIDATE_URL)) {
     $callback = $config['base_url'].'/'.$_SERVER['REQUEST_URI'].'/';
 } else {
     $callback = get_url().'/';