Restrict external sources by host only

diff --git a/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php b/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php
index 69c8cf7dd8b2d3469942052c87b50b04d0d6081c..54d4067ff8705a42928720be6d44d997ad1fb7c9 100644 (file)
--- a/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php
+++ b/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeImg.class.php
@@ -234,7 +234,7 @@ class HtmlOutputNodeImg extends AbstractHtmlOutputNode {
                        }
                }
                
-               $host = @parse_url($src, PHP_URL_HOST);
-               return $host !== false && in_array($host, $ownDomains);
+               $host = Url::parse($src)['host'];
+               return in_array($host, $ownDomains);
        }
 }