From c529671a522dea0dcfc280815092ee1f5127b92b Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Sat, 17 Dec 2011 08:43:49 -0500
Subject: Fixes #4190 accepting full urls with non-ascii characters

---
 engine/lib/output.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'engine/lib/output.php')

diff --git a/engine/lib/output.php b/engine/lib/output.php
index 989eca60e..6554481f5 100644
--- a/engine/lib/output.php
+++ b/engine/lib/output.php
@@ -234,7 +234,7 @@ function elgg_clean_vars(array $vars = array()) {
  *
  * @example
  * elgg_normalize_url('');                   // 'http://my.site.com/'
- * elgg_normalize_url('dashboard');       // 'http://my.site.com/dashboard'
+ * elgg_normalize_url('dashboard');          // 'http://my.site.com/dashboard'
  * elgg_normalize_url('http://google.com/'); // no change
  * elgg_normalize_url('//google.com/');      // no change
  *
@@ -257,6 +257,11 @@ function elgg_normalize_url($url) {
 		$validated = filter_var($url, FILTER_VALIDATE_URL);
 	}
 
+	// work around for handling absoluate IRIs (RFC 3987) - see #4190
+	if (!$validated && (strpos($url, 'http:') === 0) || (strpos($url, 'https:') === 0)) {
+		$validated = true;
+	}
+
 	if ($validated) {
 		// all normal URLs including mailto:
 		return $url;
-- 
cgit v1.2.3