From 1621abcffc4b05c3440592505a0f29b8469bc2ac Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 15 Sep 2020 10:41:57 +0300
Subject: [PATCH] rewrite_relative_url: validate resulting absolutized URLs

---
 include/functions.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/functions.php b/include/functions.php
index 19eac41ae..9aecaecb4 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1526,10 +1526,10 @@
 		$rel_parts = parse_url($rel_url);
 
 		if ($rel_parts['host'] && $rel_parts['scheme']) {
-			return $rel_url;
+			return validate_url($rel_url);
 		} else if (strpos($rel_url, "//") === 0) {
 			# protocol-relative URL (rare but they exist)
-			return "https:" . $rel_url;
+			return validate_url("https:" . $rel_url);
 		} else if (strpos($rel_url, "magnet:") === 0) {
 			# allow magnet links
 			return $rel_url;
@@ -1552,7 +1552,7 @@
 			$parts['path'] = str_replace("/./", "/", $parts['path']);
 			$parts['path'] = str_replace("//", "/", $parts['path']);
 
-			return build_url($parts);
+			return validate_url(build_url($parts));
 		}
 	}