diff options
author | Andrew Dolgov <[email protected]> | 2020-09-22 19:56:26 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-09-22 19:56:26 +0300 |
commit | 8fb2baecdccf02b50f048966b32b4a53541627d4 (patch) | |
tree | 754948f9682782c28891bea74fa1778db3425ad2 /classes | |
parent | a897c4165bebf975129edfb75ba3878f1deab9ec (diff) |
another hack for validation of URLs with invalid characters
Diffstat (limited to 'classes')
-rw-r--r-- | classes/urlhelper.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/classes/urlhelper.php b/classes/urlhelper.php index c8e87c8ae..461d5fb7e 100644 --- a/classes/urlhelper.php +++ b/classes/urlhelper.php @@ -48,7 +48,7 @@ class UrlHelper { // extended filtering involves validation for safe ports and loopback static function validate($url, $extended_filtering = false) { - $url = clean(rawurldecode($url)); + $url = clean($url); # fix protocol-relative URLs if (strpos($url, "//") === 0) @@ -65,8 +65,10 @@ class UrlHelper { return false; if ($tokens['path']) { - // urlencode path, but respect "/" path delimiters - $tokens['path'] = implode("/", array_map("rawurlencode", explode("/", $tokens['path']))); + $tokens['path'] = implode("/", + array_map("rawurlencode", + array_map("rawurldecode", + explode("/", $tokens['path'])))); } //convert IDNA hostname to punycode if possible |