From f39737bfabfac43bddc4b58f34f5b671dda38a42 Mon Sep 17 00:00:00 2001
From: Ejaaz Khan <ejaaz@frappe.io>
Date: Tue, 6 May 2025 16:34:30 +0530
Subject: [PATCH] fix: don't allow attaching an file invalid url

---
 frappe/core/doctype/file/file.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/frappe/core/doctype/file/file.py b/frappe/core/doctype/file/file.py
index 5cbef2db16..b0bab71e73 100755
--- a/frappe/core/doctype/file/file.py
+++ b/frappe/core/doctype/file/file.py
@@ -199,11 +199,17 @@ class File(Document):
 		return frappe.get_all("File", filters={"folder": self.name}, pluck="name")
 
 	def validate_file_path(self):
+		full_path = self.get_full_path()
 		if self.is_remote_file:
+			# Validate whether the file URL is valid by attempting to open it.
+			try:
+				open(full_path, mode="rb")
+			except FileNotFoundError:
+				frappe.throw("No such file or directory: {}".format(full_path), FileNotFoundError)
 			return
 
 		base_path = os.path.realpath(get_files_path(is_private=self.is_private))
-		if not os.path.realpath(self.get_full_path()).startswith(base_path):
+		if not os.path.realpath(full_path).startswith(base_path):
 			frappe.throw(
 				_("The File URL you've entered is incorrect"),
 				title=_("Invalid File URL"),