Remove extra URL validation as normalizeURL() will have done that already....

Remove extra URL validation as normalizeURL() will have done that already. Return an empty string if the input URL is empty (disregarding its type). This should make the checkURLAllowed() function transparent and avoid it returning the current URL (normalized) when input is empty. Fixes #99.

Remove extra URL validation as normalizeURL() will have done that already....
Remove extra URL validation as normalizeURL() will have done that already. Return an empty string if the input URL is empty (disregarding its type). This should make the checkURLAllowed() function transparent and avoid it returning the current URL (normalized) when input is empty. Fixes #99.
b6b6bfcd · Jaime Perez · 02642b49 · b6b6bfcd
Commit b6b6bfcd authored 10 years ago by Jaime Perez
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -309,12 +309,10 @@ class SimpleSAML_Utilities {
 	 * allowed by configuration.
 	 */
 	public static function checkURLAllowed($url, array $trustedSites = NULL) {
-		$url = self::normalizeURL($url);
-
-		// verify that the URL points to an http or https site
-		if (!preg_match('@^https?://@i', $url)) {
-			throw new SimpleSAML_Error_Exception('Invalid URL: '.$url);
+		if (empty($url)) {
+			return '';
 		}
+		$url = self::normalizeURL($url);

 		// get the white list of domains
 		if ($trustedSites === NULL) {