From e3099e0ed4921b3038e841fe0a91158c5a2f5c2c Mon Sep 17 00:00:00 2001
From: frank goossens <futtta@gmail.com>
Date: Thu, 11 Mar 2021 20:59:49 +0100
Subject: [PATCH] extra check on normalized original image URL before putting
 it on the imgopt URL to avoid faulty image url's being sent over for
 optimization.

---
 classes/autoptimizeImages.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/classes/autoptimizeImages.php b/classes/autoptimizeImages.php
index a8029e85..91764a81 100644
--- a/classes/autoptimizeImages.php
+++ b/classes/autoptimizeImages.php
@@ -464,7 +464,13 @@ private function build_imgopt_url( $orig_url, $width = 0, $height = 0 )
             return $filtered_url;
         }
 
-        $orig_url        = $this->normalize_img_url( $orig_url );
+        $normalized_url = $this->normalize_img_url( $orig_url );
+
+        // if the URL is ascii we check if we have a real URL with filter_var (which only works on ascii url's) and if not a real URL we return the original one.
+        if ( apply_filters( 'autoptimize_filter_imgopt_check_normalized_url', true ) && ! preg_match( '/[^\x20-\x7e]/', $normalized_url ) && false === filter_var( $normalized_url, FILTER_VALIDATE_URL ) ) {
+            return $orig_url;
+        }
+
         $imgopt_base_url = $this->get_imgopt_base_url();
         $imgopt_size     = '';
 
@@ -476,7 +482,7 @@ private function build_imgopt_url( $orig_url, $width = 0, $height = 0 )
             $imgopt_size .= ',h_' . $height;
         }
 
-        $url = $imgopt_base_url . $imgopt_size . '/' . $orig_url;
+        $url = $imgopt_base_url . $imgopt_size . '/' . $normalized_url;
 
         return $url;
     }