better fix to ip exploit

files/helpers/regex.py

@@ -129,6 +129,7 @@ twitch_regex = re.compile('(https:\/\/)?(www\.)?twitch.tv\/(.*)', flags=re.I|re.
 link_fix_regex = re.compile("(\[.*?\]\()(?!http|\/)(.*?\))" + NOT_IN_CODE_OR_LINKS, flags=re.A)
 
 css_url_regex = re.compile('url\(\s*[\'"]?([^\'"]*)', flags=re.I|re.A)
+css_url2_regex = re.compile('(http[^\s]*)', flags=re.I|re.A)
 
 linefeeds_regex = re.compile("([^\n])\n([^\n])", flags=re.A)
 

files/helpers/sanitize.py

@@ -804,7 +804,8 @@ def validate_css(css):
 	if '/*' in css:
 		return False, "CSS comments are not allowed!"
 
-	for i in css_url_regex.finditer(css):
+	matches = list(css_url_regex.finditer(css)) + list(css_url2_regex.finditer(css))
+	for i in matches:
 		url = i.group(1)
 		if not is_safe_url(url):
 			domain = tldextract.extract(url).registered_domain