From 88214bf90acd1f189f52f368eb33fccd22694171 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com>
Date: Thu, 19 Mar 2026 20:24:02 +0100
Subject: [PATCH] fix(phishing): try to catch invalid URL error before
 Normalizer errors

AI-assisted: OpenCode (Claude Haiku 4.5)
Signed-off-by: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com>
---
 lib/Service/PhishingDetection/LinkCheck.php            | 6 ++++++
 tests/Unit/Service/PhishingDetection/LinkCheckTest.php | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/lib/Service/PhishingDetection/LinkCheck.php b/lib/Service/PhishingDetection/LinkCheck.php
index 132127d41b..c9b270bdaa 100644
--- a/lib/Service/PhishingDetection/LinkCheck.php
+++ b/lib/Service/PhishingDetection/LinkCheck.php
@@ -74,6 +74,12 @@ public function run(string $htmlMessage) : PhishingDetectionResult {
 			];
 		}
 		foreach ($zippedArray as $zipped) {
+			// Skip URLs that cannot be parsed to avoid deprecation errors in URL\Normalizer
+			// with malformed URLs in PHP 8.1+
+			if (parse_url($zipped['href']) === false) {
+				continue;
+			}
+
 			$un = new Normalizer($zipped['href']);
 			$url = $un->normalize();
 			if ($this->textLooksLikeALink($zipped['linkText'])) {
diff --git a/tests/Unit/Service/PhishingDetection/LinkCheckTest.php b/tests/Unit/Service/PhishingDetection/LinkCheckTest.php
index 85c1cb06e6..995abe9af7 100644
--- a/tests/Unit/Service/PhishingDetection/LinkCheckTest.php
+++ b/tests/Unit/Service/PhishingDetection/LinkCheckTest.php
@@ -87,4 +87,13 @@ public function testLinkWithQuotesReturnsSafe(): void {
 
 		$this->assertFalse($result->isPhishing());
 	}
+
+	public function testMalformedUrlReturnsSafe(): void {
+		// Test that malformed URLs don't cause errors but are silently skipped
+		$html = '<html><body><a href="ht!tp://exa mple">Click here</a></body></html>';
+
+		$result = $this->check->run($html);
+
+		$this->assertFalse($result->isPhishing());
+	}
 }