From af8402eaf21e4a13c4df513068a1fa91cabf1bbf Mon Sep 17 00:00:00 2001
From: Ryan Cramer <ryan@processwire.com>
Date: Mon, 3 May 2021 10:30:01 -0400
Subject: [PATCH] Update $sanitizer->url() to support URLs without authority
 slashes like skype:username?chat per processwire/processwire-issues#1368

---
 wire/core/Sanitizer.php | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/wire/core/Sanitizer.php b/wire/core/Sanitizer.php
index 48d6980e..45d2c159 100644
--- a/wire/core/Sanitizer.php
+++ b/wire/core/Sanitizer.php
@@ -1770,6 +1770,7 @@ class Sanitizer extends Wire {
 			'allowSchemes' => array(),
 			'disallowSchemes' => array('file', 'javascript'),
 			'requireScheme' => true,
+			'reduceScheme' => false, // reduce "scheme://" to "scheme:" in return value? (internal use only)
 			'convertEncoded' => true, 
 			'encodeSpace' => false, 
 			'stripTags' => true,
@@ -1805,8 +1806,18 @@ class Sanitizer extends Wire {
 				if($options['throw']) throw new WireException($error);
 				$this->error($error);
 				$value = str_ireplace(array("$scheme:///", "$scheme://"), '', $value);
-			} else if($_scheme !== $scheme) {
-				$value = str_replace("$_scheme://", "$scheme://", $value); // lowercase scheme
+			} else {
+				if(strpos($value, '://') === false && stripos($value, "$_scheme:") === 0) {
+					// URL is in "scheme:value" format
+					if(!in_array($scheme, array('http', 'https', 'ftp', 'tel', 'mailto'))) {
+						// add scheme in "scheme://" format temporarily so filter_var won’t throw it out
+						$value = "$scheme://" . substr($value, strlen("$_scheme:"));
+						$options['reduceScheme'] = true;
+					}
+				}
+				if($_scheme !== $scheme) {
+					$value = str_replace("$_scheme://", "$scheme://", $value); // lowercase scheme
+				}
 			}
 		}
 
@@ -1940,6 +1951,11 @@ class Sanitizer extends Wire {
 			$value = str_replace(' ', '%20', $value);
 		}
 		
+		if($options['reduceScheme']) {
+			list($scheme, $value) = explode('://', $value, 2);
+			$value = "$scheme:$value";
+		}
+		
 		return $value;
 	}