X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FUrl.php;h=6b9870f0c1bb468ebafd67e2d71123411f598a0c;hb=f28396a2f82fe61af05f19c1df367f4c660655ab;hp=c5c7dd187bbc0d1f1f3d7aff97bbb4cfc375bb61;hpb=7af9a41881ed0b9d44d18a0ce03a123a8441adf5;p=github%2Fshaarli%2FShaarli.git
diff --git a/application/Url.php b/application/Url.php
index c5c7dd18..6b9870f0 100644
--- a/application/Url.php
+++ b/application/Url.php
@@ -63,6 +63,30 @@ function add_trailing_slash($url)
 return $url . (!endsWith($url, '/') ? '/' : '');
 }
+/**
+ * Replace not whitelisted protocols by 'http://' from given URL.
+ *
+ * @param string $url URL to clean
+ * @param array $protocols List of allowed protocols (aside from http(s)).
+ *
+ * @return string URL with allowed protocol
+ */
+function whitelist_protocols($url, $protocols)
+{
+ if (startsWith($url, '?') || startsWith($url, '/')) {
+ return $url;
+ }
+ $protocols = array_merge(['http', 'https'], $protocols);
+ $protocol = preg_match('#^(\w+):/?/?#', $url, $match);
+ // Protocol not allowed: we remove it and replace it with http
+ if ($protocol === 1 && ! in_array($match[1], $protocols)) {
+ $url = str_replace($match[0], 'http://', $url);
+ } elseif ($protocol !== 1) {
+ $url = 'http://' . $url;
+ }
+ return $url;
+}
+
 /**
 * URL representation and cleanup utilities
 *
@@ -94,7 +118,10 @@ class Url
 'utm_',
 // ATInternet
- 'xtor='
+ 'xtor=',
+
+ // Other
+ 'campaign_'
 );
 private static $annoyingFragments = array(
@@ -233,7 +260,7 @@ class Url
 if (! function_exists('idn_to_ascii') || ! isset($this->parts['host'])) {
 return $out;
 }
- $asciiHost = idn_to_ascii($this->parts['host']);
+ $asciiHost = idn_to_ascii($this->parts['host'], 0, INTL_IDNA_VARIANT_UTS46);
 return str_replace($this->parts['host'], $asciiHost, $out);
 }
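Review bot: In `whitelist_protocols`, `str_replace($match[0], 'http://', $url)` rewrites every occurrence of the matched scheme prefix, not only the leading one, so a URL that repeats that prefix later in its path or query string is altered there as well; replacing just the prefix with `$url = 'http://' . substr($url, strlen($match[0]));` keeps the rest of the URL intact. The whitelist comparison is case-sensitive and loosely typed, so `HTTPS://host` is treated as not allowed and downgraded to `http://`; `in_array(strtolower($match[1]), $protocols, true)` avoids that, assuming the configured list is lowercase. The `\w+` class cannot match schemes containing `+`, `-` or `.`, so such an entry in `$protocols` would never be honoured and the URL would get `http://` prepended instead. The docblock could also state that inputs starting with `?` or `/` are returned unchanged and that an input without a scheme, including an empty string, gets `http://` prepended.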
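Review bot: The return value of `idn_to_ascii()` on the changed line is used without a failure check: the function returns `false` when the host cannot be converted, and the following `str_replace()` would then substitute an empty value for the host in the returned URL. A guard such as `if ($asciiHost === false) { return $out; }` before the `str_replace()` keeps the original URL in that case. The surrounding guard only tests `function_exists('idn_to_ascii')`, so it is worth confirming that `INTL_IDNA_VARIANT_UTS46` is defined on every intl build the project supports, and writing the second argument as `IDNA_DEFAULT` rather than a bare `0`. The enclosing method starts above this hunk, so how `$out` is built is not visible here.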