Validate hostname of ssh URLs and reject anything besides letters, numbers,...

Validate hostname of ssh URLs and reject anything besides letters, numbers, dash, and colon. Colon is allowed for IPV6. Square brackets in IPV6 get stripped by the system.

sources/iTermController.m

@@ -1009,8 +1009,16 @@ static iTermController *gSharedInstance;
             if ([urlRep port]) {
                 [tempString appendFormat:@"-p %@ ", [urlRep port]];
             }
-            if ([urlRep host]) {
-                [tempString appendString:[[urlRep host] stringWithEscapedShellCharactersIncludingNewlines:YES]];
+            NSString *hostname = [urlRep host];
+            if (hostname) {
+                NSCharacterSet *legalCharacters = [NSCharacterSet characterSetWithCharactersInString:@":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-."];
+                NSCharacterSet *illegalCharacters = [legalCharacters invertedSet];
+                NSRange range = [hostname rangeOfCharacterFromSet:illegalCharacters];
+                if (range.location != NSNotFound) {
+                    ELog(@"Hostname %@ contains illegal character at position %@", hostname, @(range.location));
+                    return nil;
+                }
+                [tempString appendString:[hostname stringWithEscapedShellCharactersIncludingNewlines:YES]];
             }
             [tempDict setObject:tempString forKey:KEY_COMMAND_LINE];
             [tempDict setObject:@"Yes" forKey:KEY_CUSTOM_COMMAND];
@@ -1071,6 +1079,10 @@ static iTermController *gSharedInstance;
         DLog(@"Add URL to profile");
         // Automatically fill in ssh command if command is exactly equal to $$ or it's a login shell.
         aDict = [self profile:aDict modifiedToOpenURL:url forObjectType:objectType];
+        if (aDict == nil) {
+            // Bogus hostname detected
+            return nil;
+        }
     }
     if (!bookmarkData) {
         DLog(@"Using profile:\n%@", aDict);