From: joshuaruesweg Date: Wed, 10 Mar 2021 16:09:29 +0000 (+0100) Subject: Reject image urls which contains special chars X-Git-Tag: 5.4.0_Alpha_1~146^2~8 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e6d05a586510e9b0ce112af52591a33e7a03d46a;p=GitHub%2FWoltLab%2FWCF.git Reject image urls which contains special chars
---
diff --git a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php
index c8f1427c19..5345d247ba 100644
--- a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php
+++ b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php
@@ -85,10 +85,14 @@ final class UnfurlUrlBackgroundJob extends AbstractBackgroundJob
 $imageData = [];
 $imageID = null;
 if ($unfurlResponse->getImageUrl()) {
- $imageUrl = StringUtil::trim($unfurlResponse->getImageUrl());
-
- if (Url::is($imageUrl)) {
- $imageID = self::getImageIdByUrl($unfurlResponse->getImageUrl());
+ $imageUrl = $unfurlResponse->getImageUrl();
+
+ if (
+ \strpos($imageUrl, '\\') === false
+ && \strpos($imageUrl, "'") === false
+ && Url::is($imageUrl)
+ ) {
+ $imageID = self::getImageIdByUrl($imageUrl);
 if ($imageID === null) {
 $imageData = $this->getImageData($unfurlResponse);
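Review bot: The new condition rejects only `\` and `'` in `$imageUrl`, and nothing in the hunk says which later use of the URL those two characters are dangerous for, so a maintainer cannot tell whether `"`, whitespace or control characters should be rejected as well. The URL presumably comes from the metadata of a remote page, so I would add a comment above the `if (` such as `// Reject characters that could break out of the quoted context the image URL is later embedded in (<name the sink here>).` and also encode the value at that output site, since a two-character denylist is easy to outgrow. Dropping `StringUtil::trim()` means a URL with surrounding whitespace now reaches `Url::is()` unchanged; whether it is then rejected depends on `Url::is()`, which is not visible here. `getImageData()` is passed the response object rather than the checked `$imageUrl`, so it is worth confirming that it reads the same value. The enclosing method starts and ends outside the hunk.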