Skip to content

Commit

Permalink
Fix IDN domain name not being allowed
Browse files Browse the repository at this point in the history
The filter_var function is unfortunately not perfect and doesn't support
domain with unicode as well as url with underscores. Replace usage with
a regex.

See https://bugs.php.net/search.php?cmd=display&search_for=FILTER_VALIDATE_URL

Closes #27906

Signed-off-by: Carl Schwan <[email protected]>
  • Loading branch information
CarlSchwan committed Jul 14, 2021
1 parent 2a0bd66 commit d5d86b1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions apps/theming/lib/Controller/ThemingController.php
Original file line number Diff line number Diff line change
Expand Up @@ -203,8 +203,8 @@ public function updateStylesheet($setting, $value) {
* Check that a string is a valid http/https url
*/
private function isValidUrl(string $url): bool {
return ((strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0) &&
filter_var($url, FILTER_VALIDATE_URL) !== false);
// Regex copied from https://stackoverflow.com/a/206087 but without ftp support
return preg_match('#(https?://(\S*?\.\S*?))([\s)\[\]{},;"\':<]|\.\s|$)#i', $url);
}

/**
Expand Down

0 comments on commit d5d86b1

Please sign in to comment.