From 9386a55933612577b4400707157f4b61dadd5769 Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Thu, 7 Sep 2023 15:25:09 +0300
Subject: [PATCH] better fix to ip exploit

---
 files/helpers/regex.py    | 1 +
 files/helpers/sanitize.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/files/helpers/regex.py b/files/helpers/regex.py
index d302cb9a9..63ed0ab94 100644
--- a/files/helpers/regex.py
+++ b/files/helpers/regex.py
@@ -129,6 +129,7 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
 link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
 
 css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A)
+css_url2_regex = re.compile('(http[^\s]*)', flags=re.I|re.A)
 
 linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
 
diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index fd55efb36..4d71adaef 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -804,7 +804,8 @@ def validate_css(css):
 	if '/*' in css:
 		return False, "CSS comments are not allowed!"
 
-	for i in css_url_regex.finditer(css):
+	matches = list(css_url_regex.finditer(css)) + list(css_url2_regex.finditer(css))
+	for i in matches:
 		url = i.group(1)
 		if not is_safe_url(url):
 			domain = tldextract.extract(url).registered_domain