From 03a0e0dd4e97a317d4c484fc06f9311d1ca6d349 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Fri, 16 Jun 2023 17:45:07 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96url=E6=A3=80=E6=B5=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit dc466cb1c9273354a996b4a89643f51c59d6b802)
---
 application/common.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/application/common.php b/application/common.php
index b7359b81..11fe5f52 100755
--- a/application/common.php
+++ b/application/common.php
@@ -518,8 +518,8 @@ if (!function_exists('check_url_allowed')) {
 
         //如果是站外链接则需要判断HOST是否允许
         if (preg_match("/((http[s]?:\/\/)+(?>[a-z\-0-9]{2,}\.){1,}[a-z]{2,8})(?:\s|\/)/i", $url)) {
-
-            if (in_array(strtolower(parse_url($url, PHP_URL_HOST)), $allowedHostArr)) {
+            $chkHost = parse_url(strtolower($url), PHP_URL_HOST);
+            if ($chkHost && in_array($chkHost, $allowedHostArr)) {
                 return true;
             }
         }