From d5d86b1d31fb7f25c76e303d300e3c0d93ae294c Mon Sep 17 00:00:00 2001
From: Carl Schwan
Date: Wed, 14 Jul 2021 11:27:01 +0200
Subject: [PATCH] Fix IDN domain name not being allowed

The filter_var function is unfortunately not perfect and doesn't support domain with unicode as well as url with underscores. Replace usage with a regex. See https://bugs.php.net/search.php?cmd=display&search_for=FILTER_VALIDATE_URL
Closes #27906
Signed-off-by: Carl Schwan
---
 apps/theming/lib/Controller/ThemingController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index 1638f5bd95799..b9e71996a9541 100644
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -203,8 +203,8 @@ public function updateStylesheet($setting, $value) {
 * Check that a string is a valid http/https url
 */
 private function isValidUrl(string $url): bool {
- return ((strpos($url, 'http://') === 0 || strpos($url, 'https://') === 0) &&
- filter_var($url, FILTER_VALIDATE_URL) !== false);
+ // Regex copied from https://stackoverflow.com/a/206087 but without ftp support
+ return preg_match('#(https?://(\S*?\.\S*?))([\s)\[\]{},;"\':<]|\.\s|$)#i', $url);
 }

 /**
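Review bot: The new pattern in `isValidUrl` has no start anchor, so it accepts any string that merely contains `http://` or `https://` followed by a dotted token, whereas the removed code required the value to begin with one of those schemes. The trailing delimiter group looks designed for extracting URLs from running text: it ends a match rather than rejecting the input, so a value with whitespace, `"` or `<` after the URL still validates. `preg_match` also returns `int|false` while the method is declared `: bool`, which relies on coercion and would raise a TypeError if the file declares `strict_types=1` (not visible in this hunk). I would anchor both ends and compare explicitly, e.g. `return preg_match('#^https?://\S+\.\S+\z#i', $url) === 1;`, which should still accept IDN hosts and underscores, and keep escaping the value wherever it is rendered.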