From a897c4165bebf975129edfb75ba3878f1deab9ec Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 22 Sep 2020 15:32:22 +0300 Subject: [PATCH] validate URLs: convert IDN to punycode before passing URL to filter_var() --- classes/urlhelper.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/classes/urlhelper.php b/classes/urlhelper.php index 29c81e760..c8e87c8ae 100644 --- a/classes/urlhelper.php +++ b/classes/urlhelper.php @@ -69,6 +69,13 @@ class UrlHelper { $tokens['path'] = implode("/", array_map("rawurlencode", explode("/", $tokens['path']))); } + //convert IDNA hostname to punycode if possible + if (function_exists("idn_to_ascii")) { + if (mb_detect_encoding($tokens['host']) != 'ASCII') { + $tokens['host'] = idn_to_ascii($tokens['host']); + } + } + $url = self::build_url($tokens); if (filter_var($url, FILTER_VALIDATE_URL) === false) @@ -82,14 +89,6 @@ class UrlHelper { return false; } - //convert IDNA hostname to punycode if possible - if (function_exists("idn_to_ascii")) { - if (mb_detect_encoding($tokens['host']) != 'ASCII') { - $tokens['host'] = idn_to_ascii($tokens['host']); - $url = self::build_url($tokens); - } - } - return $url; }