From 8fb2baecdccf02b50f048966b32b4a53541627d4 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 22 Sep 2020 19:56:26 +0300
Subject: [PATCH] another hack for validation of URLs with invalid characters

---
 classes/urlhelper.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/classes/urlhelper.php b/classes/urlhelper.php
index c8e87c8ae..461d5fb7e 100644
--- a/classes/urlhelper.php
+++ b/classes/urlhelper.php
@@ -48,7 +48,7 @@ class UrlHelper {
 	// extended filtering involves validation for safe ports and loopback
 	static function validate($url, $extended_filtering = false) {
 
-		$url = clean(rawurldecode($url));
+		$url = clean($url);
 
 		# fix protocol-relative URLs
 		if (strpos($url, "//") === 0)
@@ -65,8 +65,10 @@ class UrlHelper {
 			return false;
 
 		if ($tokens['path']) {
-			// urlencode path, but respect "/" path delimiters
-			$tokens['path'] = implode("/", array_map("rawurlencode", explode("/", $tokens['path'])));
+			$tokens['path'] = implode("/",
+										array_map("rawurlencode",
+											array_map("rawurldecode",
+												explode("/", $tokens['path']))));
 		}
 
 		//convert IDNA hostname to punycode if possible
-- 
GitLab