From c3d14e1fa54c7dade7b1b7955575e2991396d7ef Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 14 Sep 2020 19:46:52 +0300
Subject: - fix multiple vulnerabilities in af_proxy_http - fix vulnerability
 in rewrite_relative_url() which prevented some URLs from being properly
 absolutized - fetch_file_contents: validate all URLs before requesting them -
 validate URLs: explicitly whitelist http and https scheme, forbid everything
 else - DiskCache/cached_url: only serve whitelisted content types (images,
 video) - simplify filename/URL handling code, remove and consolidate some
 less-used functions

---
 classes/pref/feeds.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'classes/pref/feeds.php')

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 9d29ab478..8cdb1577c 100755
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -1701,7 +1701,7 @@ class Pref_Feeds extends Handler_Protected {
 		foreach ($feeds as $feed) {
 			$feed = trim($feed);
 
-			if (Feeds::validate_feed_url($feed)) {
+			if (validate_url($feed)) {
 
 				$this->pdo->beginTransaction();
 
-- 
cgit v1.2.3