using url module to normalise passed-in url prior to saving in db, closes #3043

src/controllers/accounts.js

@@ -96,7 +96,6 @@ function getUserDataByUserSlug(userslug, callerUID, callback) {
 			userData.username = validator.escape(userData.username);
 			userData.email = validator.escape(userData.email);
 			userData.fullname = validator.escape(userData.fullname);
-			userData.websiteName = validator.escape(userData.websiteName);
 			userData.location = validator.escape(userData.location);
 			userData.signature = validator.escape(userData.signature);
 

src/user/profile.js

@@ -3,6 +3,7 @@
 
 var async = require('async'),
 	validator = require('validator'),
+	url = require('url'),
 	S = require('string'),
 
 	utils = require('../../public/src/utils'),
@@ -121,9 +122,19 @@ module.exports = function(User) {
 				} else if (field === 'signature') {
 					data[field] = S(data[field]).stripTags().s;
 				} else if (field === 'website') {
-					if (data[field] && !data[field].startsWith('http://') && !data[field].startsWith('https://')) {
+					var urlObj = url.parse(data[field], false, true);
-						data[field] = 'http://' + data[field];
+					if (!urlObj.protocol) {
+						urlObj.protocol = 'http';
+						urlObj.slashes = true;
 					}
+					if (!urlObj.hostname && urlObj.pathname) {
+						urlObj.hostname = urlObj.pathname;
+						urlObj.pathname = null;
+					}
+					if (urlObj.pathname === '/') {
+						urlObj.pathname = null;
+					}
+					data[field] = url.format(urlObj);
 				}
 
 				User.setUserField(uid, field, data[field], next);