From 2ea895199aa705a75136c0e0e73729c368bfd2fe Mon Sep 17 00:00:00 2001
From: strawberry
Date: Sat, 10 Feb 2024 12:28:49 -0500
Subject: [PATCH] dont drop true error with url str parse, fix url contains logic order, clarify config comment
Signed-off-by: strawberry
---
 conduwuit-example.toml | 2 +-
 src/api/client_server/media.rs | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/conduwuit-example.toml b/conduwuit-example.toml
index 31aa430d..0f02a200 100644
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@@ -176,7 +176,7 @@ url_preview_domain_contains_allowlist = []
 url_preview_domain_explicit_allowlist = []
 # Vector list of URLs allowed to send requests to for URL previews. Defaults to none.
-# Note that this is a *contains* match, not an explicit match. Putting "https://google.com" will match "https://google.com/" and "https://google.com/url?q=https://mymaliciousdomainexample.com"
+# Note that this is a *contains* match, not an explicit match. Putting "google.com" will match "https://google.com/", "https://google.com/url?q=https://mymaliciousdomainexample.com", and "https://mymaliciousdomainexample.com/hi/google.com"
 # Setting this to "*" will allow all URL previews. Please note that this opens up significant attack surface to your server, you are expected to be aware of the risks by doing so.
 url_preview_url_contains_allowlist = []
diff --git a/src/api/client_server/media.rs b/src/api/client_server/media.rs
index cb2de353..d3e22c28 100644
--- a/src/api/client_server/media.rs
+++ b/src/api/client_server/media.rs
@@ -14,7 +14,7 @@ use ruma::api::client::{
 get_media_config, get_media_preview,
 },
 };
-use tracing::{debug, error, info};
+use tracing::{debug, error, info, warn};
 use webpage::HTML;
 /// generated MXC ID (`media-id`) length
@@ -500,7 +500,10 @@ async fn get_url_preview(url: &str) -> Result {
 fn url_preview_allowed(url_str: &str) -> bool {
 let url: Url = match Url::parse(url_str) {
 Ok(u) => u,
- Err(_) => return false,
+ Err(e) => {
+ warn!("Failed to parse URL from a str: {}", e);
+ return false;
+ }
 };
 if ["http", "https"]
@@ -559,7 +562,7 @@ fn url_preview_allowed(url_str: &str) -> bool {
 if allowlist_url_contains
 .iter()
- .any(|url_s| url_s.contains(&url.to_string()))
+ .any(|url_s| url.to_string().contains(&url_s.to_string()))
 {
 return true;
 }
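Review bot: The `warn!` added in the `Err(e)` arm of `url_preview_allowed` is emitted at warn level for a string that presumably comes straight from whoever requests a preview, so every malformed request produces a warn-level log line and the volume is set by the client. `debug!` is already imported in this file and would keep the real parse error available without that effect: `debug!("Failed to parse URL from a str: {}", e);`. Logging only `e` and not `url_str` is worth keeping as it is, since it keeps request-supplied text out of the log. The function body continues past the end of this hunk.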
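Review bot: With the operands swapped in the `.any(...)` closure over `allowlist_url_contains`, an empty-string entry now allows every URL, because `contains("")` is always true; a stray `""` in the config would then behave like the documented `"*"` setting without anyone having chosen it. Skipping empty entries closes that gap, and comparing on `&str` also drops the two `to_string()` allocations per entry: `.any(|url_s| !url_s.is_empty() && url.as_str().contains(url_s.as_str()))` (this assumes the entries are `String`s, which the hunk does not show). The match still runs over the whole serialised URL, as the config comment in this commit states, so a short comment above the check saying so would help the next reader. `url_preview_allowed` begins and ends outside this hunk.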