Some big update

application/Espo/Core/Webhook/Sender.php

@@ -95,11 +95,24 @@ class Sender
 
         if (
             !$this->addressUtil->isAllowedUrl($url) &&
-            !$this->urlCheck->isNotInternalUrl($url)
+            !$this->urlCheck->isUrlAndNotIternal($url)
         ) {
             throw new Error("URL '$url' points to an internal host, not allowed.");
         }
 
+        $resolve = $this->urlCheck->getCurlResolve($url);
+
+        if ($resolve === []) {
+            throw new Error("Could not resolve the host.");
+        }
+
+        /** @var string[] $allowedAddressList */
+        $allowedAddressList = $this->config->get('webhookAllowedAddressList') ?? [];
+
+        if ($resolve !== null && !$this->urlCheck->validateCurlResolveNotInternal($resolve, $allowedAddressList)) {
+            throw new Error("Forbidden host.");
+        }
+
         $handler = curl_init($url);
 
         if ($handler === false) {
@@ -118,6 +131,10 @@ class Sender
         curl_setopt($handler, \CURLOPT_HTTPHEADER, $headerList);
         curl_setopt($handler, \CURLOPT_POSTFIELDS, $payload);
 
+        if ($resolve) {
+            curl_setopt($handler, CURLOPT_RESOLVE, $resolve);
+        }
+
         curl_exec($handler);
 
         $code = curl_getinfo($handler, \CURLINFO_HTTP_CODE);