1 files changed, 12 insertions, 9 deletions

diff --git a/include/functions.php b/include/functions.php
index c0a215fba..4031afa6e 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -238,7 +238,7 @@
 		$url = ltrim($url, ' ');
 		$url = str_replace(' ', '%20', $url);
 
-		$url = validate_url($url);
+		$url = validate_url($url, true);
 
 		if (!$url) return false;
 
@@ -350,7 +350,7 @@
 
 			$fetch_effective_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
 
-			if (!validate_url($fetch_effective_url)) {
+			if (!validate_url($fetch_effective_url, true)) {
 				$fetch_last_error = "URL hostname received after redirection failed to validate.";
 
 				return false;
@@ -443,7 +443,7 @@
 
 			$fetch_effective_url = resolve_redirects($url, $timeout ? $timeout : FILE_FETCH_CONNECT_TIMEOUT);
 
-			if (!validate_url($fetch_effective_url)) {
+			if (!validate_url($fetch_effective_url, true)) {
 				$fetch_last_error = "URL hostname received after redirection failed to validate.";
 
 				return false;
@@ -1963,7 +1963,8 @@
 		return $ttrss_version['version'];
 	}
 
-	function validate_url($url) {
+	// extended filtering involves validation for safe ports and loopback
+	function validate_url($url, $extended_filtering = false) {
 
 		$url = clean($url);
 
@@ -1979,14 +1980,16 @@
 		if (!$tokens['host'])
 			return false;
 
-		if (!in_array($tokens['port'], [80, 443, '']))
-			return false;
-
 		if (!in_array($tokens['scheme'], ['http', 'https']))
 			return false;
 
-		if ($tokens['host'] == 'localhost' || $tokens['host'] == '::1' || strpos($tokens['host'], '127.') === 0)
-			return false;
+		if ($extended_filtering) {
+			if (!in_array($tokens['port'], [80, 443, '']))
+				return false;
+
+			if ($tokens['host'] == 'localhost' || $tokens['host'] == '::1' || strpos($tokens['host'], '127.') === 0)
+				return false;
+		}
 
 		//convert IDNA hostname to punycode if possible
 		if (function_exists("idn_to_ascii")) {