I'd like to allow only https:// links to be used as remote avatar images in phpbb to avoid mixed content. This seems to be the code that is used to check whether the entered url is correct (to be found in /phpbb/avatar/driver/remote.php):
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url))
{
$error[] = 'AVATAR_URL_INVALID';
return false;
}
I'd like to add a if{}-condition before this code block to give an informative error message if the user selected an image from a non-secure server. Can anyone help me defining the correct preg_match() string please?