From 66fa18a11efa07d68d397a41eb4075f2c6fdde33 Mon Sep 17 00:00:00 2001
From: David Kocik <kocikdav@gmail.com>
Date: Thu, 26 Jan 2023 12:47:17 +0100
Subject: [PATCH] Printables.com subdomain check

---
 src/slic3r/GUI/Downloader.cpp        |  3 +--
 src/slic3r/GUI/DownloaderFileGet.cpp | 36 ++++++++++++++++++++++++++++
 src/slic3r/GUI/DownloaderFileGet.hpp |  3 ++-
 3 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/src/slic3r/GUI/Downloader.cpp b/src/slic3r/GUI/Downloader.cpp
index ad46162cbf..45ea436313 100644
--- a/src/slic3r/GUI/Downloader.cpp
+++ b/src/slic3r/GUI/Downloader.cpp
@@ -146,8 +146,7 @@ void Downloader::start_download(const std::string& full_url)
 #else
     std::string escaped_url = FileGet::escape_url(full_url.substr(24));
 #endif
-
-	if (!boost::starts_with(escaped_url, "https://files.printables.com") && !boost::starts_with(escaped_url, "https://dev-files.printables.com")) {
+	if (!boost::starts_with(escaped_url, "https://") || !FileGet::is_subdomain(escaped_url, "printables.com")) {
 		std::string msg = format(_L("Download won't start. Download URL doesn't point to https://files.printables.com : %1%"), escaped_url);
 		BOOST_LOG_TRIVIAL(error) << msg;
 		NotificationManager* ntf_mngr = wxGetApp().notification_manager();
diff --git a/src/slic3r/GUI/DownloaderFileGet.cpp b/src/slic3r/GUI/DownloaderFileGet.cpp
index d812612960..d21f8df82d 100644
--- a/src/slic3r/GUI/DownloaderFileGet.cpp
+++ b/src/slic3r/GUI/DownloaderFileGet.cpp
@@ -30,6 +30,42 @@ std::string FileGet::escape_url(const std::string& unescaped)
 	}
 	return ret_val;
 }
+bool FileGet::is_subdomain(const std::string& url, const std::string& domain)
+{
+	// domain should be f.e. printables.com (.com including)
+	char* host;
+	std::string host_string;
+	CURLUcode rc;
+	CURLU* curl = curl_url();
+	if (!curl) {
+		BOOST_LOG_TRIVIAL(error) << "Failed to init Curl library in function is_domain.";
+		return false;
+	}
+	rc = curl_url_set(curl, CURLUPART_URL, url.c_str(), 0);
+	if (rc != CURLUE_OK) {
+		curl_url_cleanup(curl);
+		return false;
+	}
+	rc = curl_url_get(curl, CURLUPART_HOST, &host, 0);
+	if (rc != CURLUE_OK || !host) {
+		curl_url_cleanup(curl);
+		return false;
+	}
+	host_string = std::string(host);
+	curl_free(host);
+	// now host should be subdomain.domain or just domain
+	if (domain == host_string) {
+		curl_url_cleanup(curl);
+		return true;
+	}
+	if(boost::ends_with(host_string, "." + domain)) {
+		curl_url_cleanup(curl);
+		return true;
+	}
+	curl_url_cleanup(curl);
+	return false;
+}
+
 namespace {
 unsigned get_current_pid()
 {
diff --git a/src/slic3r/GUI/DownloaderFileGet.hpp b/src/slic3r/GUI/DownloaderFileGet.hpp
index 38ddd9af02..022d4c0c10 100644
--- a/src/slic3r/GUI/DownloaderFileGet.hpp
+++ b/src/slic3r/GUI/DownloaderFileGet.hpp
@@ -23,7 +23,8 @@ public:
 	void cancel();
 	void pause();
 	void resume();
-	static std::string escape_url(const std::string& url);
+	static std::string	escape_url(const std::string& url);
+	static bool			is_subdomain(const std::string& url, const std::string& domain);
 private:
 	std::unique_ptr<priv> p;
 };