From 882a3c383103802c491404032c5d267e4f5271a0 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 22 Jul 2017 17:26:41 +0200
Subject: [ticket/security/211] Make sure website URL only uses http & https
 schemes

SECURITY-211
---
 phpBB/includes/functions_convert.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/includes/functions_convert.php')

diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php
index da4820134d..ba354d39ef 100644
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -249,7 +249,7 @@ function validate_website($url)
 	{
 		return '';
 	}
-	else if (!preg_match('#^[a-z0-9]+://#i', $url) && strlen($url) > 0)
+	else if (!preg_match('#^http[s]?://#i', $url) && strlen($url) > 0)
 	{
 		return 'http://' . $url;
 	}
-- 
cgit v1.2.1