From b3bedd0a94264fe1fcff1e2cf6ab255941632b07 Mon Sep 17 00:00:00 2001
From: Philip Klempin <philip@klempin.se>
Date: Mon, 7 Jun 2021 00:51:02 +0200
Subject: [PATCH] Skip URI base on ALLOWED_RELATIVE_SCHEMES in rewrite_relative

---
 classes/urlhelper.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/classes/urlhelper.php b/classes/urlhelper.php
index 03f0c474d..648d609a4 100644
--- a/classes/urlhelper.php
+++ b/classes/urlhelper.php
@@ -1,5 +1,11 @@
 <?php
 class UrlHelper {
+	const ALLOWED_RELATIVE_SCHEMES = [
+		"magnet",
+		"mailto",
+		"tel"
+	];
+
 	static $fetch_last_error;
 	static $fetch_last_error_code;
 	static $fetch_last_error_content;
@@ -36,8 +42,7 @@ class UrlHelper {
 		} else if (strpos($rel_url, "//") === 0) {
 			# protocol-relative URL (rare but they exist)
 			return self::validate("https:" . $rel_url);
-		} else if (strpos($rel_url, "magnet:") === 0) {
-			# allow magnet links
+		} else if (array_search($rel_parts["scheme"] ?? "", self::ALLOWED_RELATIVE_SCHEMES, true) !== false) {
 			return $rel_url;
 		} else {
 			$base_parts = parse_url($base_url);
-- 
GitLab