From 12d985d8ea083bd90b647c2bdb85e1d78f18abb3 Mon Sep 17 00:00:00 2001
From: Stefan Giehl <stefan@piwik.org>
Date: Fri, 7 Jul 2017 12:13:57 +0200
Subject: [PATCH] Check if prefixurl for api listing starts with http (#11826)

---
 plugins/API/Controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/API/Controller.php b/plugins/API/Controller.php
index 41234d5c9a..416cc728de 100644
--- a/plugins/API/Controller.php
+++ b/plugins/API/Controller.php
@@ -53,7 +53,7 @@ class Controller extends \Piwik\Plugin\Controller
 
         $ApiDocumentation = new DocumentationGenerator();
         $prefixUrls = Common::getRequestVar('prefixUrl', 'http://demo.piwik.org/', 'string');
-        if (!UrlHelper::isLookLikeUrl($prefixUrls)) {
+        if (!UrlHelper::isLookLikeUrl($prefixUrls) || strpos($prefixUrls, 'http') !== 0) {
             $prefixUrls = '';
         }
         return $ApiDocumentation->getApiDocumentationAsStringForDeveloperReference($outputExampleUrls = true, $prefixUrls);
-- 
GitLab