preg_match to only allow https:// in an URL

2019-09-10 16:15发布

问题:

I'd like to allow only https:// links to be used as remote avatar images in phpbb to avoid mixed content. This seems to be the code that is used to check whether the entered url is correct (to be found in /phpbb/avatar/driver/remote.php):

if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url))
{
    $error[] = 'AVATAR_URL_INVALID';
    return false;
}

I'd like to add a if{}-condition before this code block to give an informative error message if the user selected an image from a non-secure server. Can anyone help me defining the correct preg_match() string please?

回答1:

Based on the suggestion by @casimir, I used the following code and it works:

    $urlchk = parse_url($url);
    $urlscheme = isset($urlchk['scheme']) ? $urlchk['scheme'].'://' : 'http://';
    if ($urlscheme=='http://'){
        // error message
    }