* protocols, because we only want protocols that both cURL
* and php support.
*
+ * file:// should not be allowed here for security purpose (r67684)
+ *
* @fixme this is wildly inaccurate and fails to actually check most stuff
*
* @param $uri Mixed: URI to check for validity
# Check security of URL
$url = $this->getResponseHeader( "Location" );
- if ( substr( $url, 0, 7 ) !== 'http://' ) {
+ if ( !Http::isValidURI( $url ) ) {
wfDebug( __METHOD__ . ": insecure redirection\n" );
break;
}