
Relaxed to allow underscore _ in URL hostnames (#3133)

* Relaxed to allow underscore _ in URL hostnames

#fix https://github.com/FreshRSS/FreshRSS/issues/3132
https://bugs.php.net/bug.php?id=64948

* Minor fix in favicons redirect

* Minor fix in relative HREF for favicons
Alexandre Alapetite 5 лет назад
Родитель
Сommit
c523f5a4e7
4 измененных файлов с 19 добавлено и 14 удалено
  1. 1 1
      app/Models/ConfigurationSetter.php
  2. 2 2
      app/Models/Feed.php
  3. 8 7
      lib/favicons.php
  4. 8 4
      lib/lib_rss.php

+ 1 - 1
app/Models/ConfigurationSetter.php

@@ -118,7 +118,7 @@ class FreshRSS_ConfigurationSetter {
 
 			// Verify URL and add default value when needed
 			if (isset($value['url'])) {
-				$is_url = filter_var($value['url'], FILTER_VALIDATE_URL);
+				$is_url = checkUrl($value['url']);
 				if (!$is_url) {
 					continue;
 				}
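Review bot: The normalised string returned by `checkUrl()` is used only as a truth value here, so `$value['url']` itself stays exactly as it was submitted. Because `checkUrl()` trims the input and prepends `https://` when no http(s) scheme is present, a value such as `example.org/share` now passes this check even though the string kept in `$value` is not an absolute URL. The rest of the loop body is outside this hunk, so whether the raw value is then stored is an inference. If it is, consider keeping the checked form instead: `$value['url'] = checkUrl($value['url']);` followed by `if (!$value['url']) { continue; }`.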

+ 2 - 2
app/Models/Feed.php

@@ -188,7 +188,7 @@ class FreshRSS_Feed extends Minz_Model {
 		if ($validate) {
 			$value = checkUrl($value);
 		}
-		if (empty($value)) {
+		if ($value == '') {
 			throw new FreshRSS_BadUrl_Exception($value);
 		}
 		$this->url = $value;
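Review bot: When validation fails, `FreshRSS_BadUrl_Exception` is built from the already-overwritten `$value` (`false` or `''`), so the rejected URL never reaches the exception and cannot be reported or logged. Holding the checked result in its own variable avoids that: `$checked = $validate ? checkUrl($value) : $value;`, then `if ($checked == '') { throw new FreshRSS_BadUrl_Exception($value); }` and `$this->url = $checked;`. The loose `== ''` here and in the website setter in the next hunk is also what catches the `false` return of `checkUrl()`. A one-line comment such as `// loose comparison on purpose: checkUrl() returns false for an invalid URL` would keep a later switch to `===` from letting `false` through. Both setters begin outside their hunks.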
@@ -204,7 +204,7 @@ class FreshRSS_Feed extends Minz_Model {
 		if ($validate) {
 			$value = checkUrl($value);
 		}
-		if (empty($value)) {
+		if ($value == '') {
 			$value = '';
 		}
 		$this->website = $value;

+ 8 - 7
lib/favicons.php

@@ -23,10 +23,8 @@ function isImgMime($content) {
 
 function downloadHttp(&$url, $curlOptions = array()) {
 	syslog(LOG_INFO, 'FreshRSS Favicon GET ' . $url);
-	if (substr($url, 0, 2) === '//') {
-		$url = 'https:' . $url;
-	}
-	if ($url == '' || filter_var($url, FILTER_VALIDATE_URL) === false) {
+	$url = checkUrl($url);
+	if (!$url) {
 		return '';
 	}
 	$ch = curl_init($url);
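Review bot: `$url` is taken by reference, so `$url = checkUrl($url);` now overwrites the caller's variable with `false` or `''` whenever the URL is rejected; the removed code left it untouched on that path. Any caller that reuses its variable after a failed download (for example as a base for resolving relative links) would then be working with `false`. Assigning only on success keeps the old contract: `$checked = checkUrl($url);`, `if (!$checked) { return ''; }`, `$url = $checked;`. Separately, the `syslog()` call above still records the raw, unvalidated string; moving it below the check would keep unchecked input out of the log line. The function body continues past this hunk.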
@@ -42,8 +40,11 @@ function downloadHttp(&$url, $curlOptions = array()) {
 	$response = curl_exec($ch);
 	$info = curl_getinfo($ch);
 	curl_close($ch);
-	if (!empty($info['url']) && (filter_var($info['url'], FILTER_VALIDATE_URL) !== false)) {
-		$url = $info['url'];	//Possible redirect
+	if (!empty($info['url'])) {
+		$url2 = checkUrl($info['url']);
+		if ($url2 != '') {
+			$url = $url2;	//Possible redirect
+		}
 	}
 	return $info['http_code'] == 200 ? $response : '';
 }
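Review bot: The effective URL after redirects is written back to the caller once it passes `checkUrl()`, but that is only a syntax check applied after the transfer has already happened. It does not limit which protocols or hosts the redirect chain was allowed to reach, and the favicon URLs fetched here come from remote page content. The cURL options are set in lines outside this hunk, so this may already be covered. If it is not, pinning both the initial and the redirect protocols there would make the http(s)-only assumption explicit: `CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,` and `CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,`.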
@@ -67,7 +68,7 @@ function searchFavicon(&$url) {
 							$href = 'https:' . $href;
 						}
 					}
-					if (filter_var($href, FILTER_VALIDATE_URL) === false) {
+					if (!checkUrl($href, false)) {
 						$href = SimplePie_IRI::absolutize($url, $href);
 					}
 					$favicon = downloadHttp($href, array(
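Review bot: The second argument in `checkUrl($href, false)` carries the whole meaning of this branch and deserves a comment. With scheme fixing left on, a relative `href` such as `favicon.ico` would be rewritten to `https://favicon.ico` and accepted, so it would never be resolved against `$url`. Something like `// fixScheme=false: a relative href must fail here so that it is absolutized against the page URL` would make that visible. The surrounding loop and the rest of `searchFavicon()` lie outside the hunk.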

+ 8 - 4
lib/lib_rss.php

@@ -74,15 +74,19 @@ function idn_to_puny($url) {
 	return $url;
 }
 
-function checkUrl($url) {
+function checkUrl($url, $fixScheme = true) {
+	$url = trim($url);
 	if ($url == '') {
 		return '';
 	}
-	if (!preg_match('#^https?://#i', $url)) {
-		$url = 'http://' . $url;
+	if ($fixScheme && !preg_match('#^https?://#i', $url)) {
+		$url = 'https://' . ltrim($url, '/');
 	}
+
 	$url = idn_to_puny($url);	//PHP bug #53474 IDN
-	if (filter_var($url, FILTER_VALIDATE_URL)) {
+	$urlRelaxed = str_replace('_', 'z', $url);	//PHP discussion #64948 Underscore
+
+	if (filter_var($urlRelaxed, FILTER_VALIDATE_URL)) {
 		return $url;
 	} else {
 		return false;
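Review bot: With `$fixScheme = false` nothing in `checkUrl()` restricts the scheme any more, since the `^https?://` test is skipped and `FILTER_VALIDATE_URL` on its own also accepts other schemes such as `ftp://`. Callers that treat a truthy result as a safe web URL would benefit from an explicit check placed before the `idn_to_puny()` call: `if (!preg_match('#^https?://#i', $url)) { return false; }`. With `$fixScheme` left at `true` this check is always satisfied, so only the relaxed mode changes. The function also returns `''` for empty input but `false` for an invalid URL, and every caller in this commit depends on loose comparison to treat the two alike. A docblock stating `@return string|false` and describing `$fixScheme` would document that contract. The closing lines of the function are outside the hunk.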