Reject image urls which contains special chars
authorjoshuaruesweg <ruesweg@woltlab.com>
Wed, 10 Mar 2021 16:09:29 +0000 (17:09 +0100)
committerjoshuaruesweg <ruesweg@woltlab.com>
Tue, 16 Mar 2021 15:19:16 +0000 (16:19 +0100)
wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php

index c8f1427c19cca589e732391dc34e8ddb2c96f82a..5345d247ba10fb9b76b85c7551412bb7f0b217da 100644 (file)
@@ -85,10 +85,14 @@ final class UnfurlUrlBackgroundJob extends AbstractBackgroundJob
             $imageData = [];
             $imageID = null;
             if ($unfurlResponse->getImageUrl()) {
-                $imageUrl = StringUtil::trim($unfurlResponse->getImageUrl());
-
-                if (Url::is($imageUrl)) {
-                    $imageID = self::getImageIdByUrl($unfurlResponse->getImageUrl());
+                $imageUrl = $unfurlResponse->getImageUrl();
+
+                if (
+                    \strpos($imageUrl, '\\') === false
+                    && \strpos($imageUrl, "'") === false
+                    && Url::is($imageUrl)
+                ) {
+                    $imageID = self::getImageIdByUrl($imageUrl);
 
                     if ($imageID === null) {
                         $imageData = $this->getImageData($unfurlResponse);
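Review bot: The two `\strpos` checks in the new condition reject only backslash and single quote, and nothing in the hunk says which downstream use of the image URL those two characters are unsafe for. A short comment above the `if` would record that, for example `// Url::is() accepts these characters, but they are unsafe where the URL is later used (name the sink here); escaping at that sink remains the primary defence.` If the URL is later placed into markup, CSS or a query, other characters such as double quotes, angle brackets, whitespace and control characters would presumably matter as well, so an allow-list of permitted characters or context-specific escaping at the point of use would be more robust than a two-character denylist. Dropping `StringUtil::trim()` also means a value with surrounding whitespace is now validated as-is and may be discarded by `Url::is()`; please confirm that is intended. The enclosing method starts and ends outside this hunk, and `getImageData($unfurlResponse)` still receives the response object rather than the checked `$imageUrl`, so it depends on reading the same value again.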