From e6d05a586510e9b0ce112af52591a33e7a03d46a Mon Sep 17 00:00:00 2001 From: joshuaruesweg Date: Wed, 10 Mar 2021 17:09:29 +0100 Subject: [PATCH] Reject image urls which contains special chars --- .../background/job/UnfurlUrlBackgroundJob.class.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php index c8f1427c19..5345d247ba 100644 --- a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php +++ b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php @@ -85,10 +85,14 @@ final class UnfurlUrlBackgroundJob extends AbstractBackgroundJob $imageData = []; $imageID = null; if ($unfurlResponse->getImageUrl()) { - $imageUrl = StringUtil::trim($unfurlResponse->getImageUrl()); - - if (Url::is($imageUrl)) { - $imageID = self::getImageIdByUrl($unfurlResponse->getImageUrl()); + $imageUrl = $unfurlResponse->getImageUrl(); + + if ( + \strpos($imageUrl, '\\') === false + && \strpos($imageUrl, "'") === false + && Url::is($imageUrl) + ) { + $imageID = self::getImageIdByUrl($imageUrl); if ($imageID === null) { $imageData = $this->getImageData($unfurlResponse); -- 2.20.1