Merge pull request #1156 from Codeinwp/bugfix/pro/939

Fixed SSRF vulanaribility

Author: vytisbulkevicius

includes/abstract/feedzy-rss-feeds-admin-abstract.php

@@ -697,10 +697,14 @@ public function normalize_urls( $raw ) {
 		$feed_url = apply_filters( 'feedzy_get_feed_url', $feeds );
 		if ( is_array( $feed_url ) ) {
 			foreach ( $feed_url as $index => $url ) {
-				$feed_url[ $index ] = trim( $this->smart_convert( $url ) );
+				if ( wp_http_validate_url( $url ) ) {
+					$feed_url[ $index ] = trim( $this->smart_convert( esc_url_raw( $url ) ) );
+				}
 			}
+		} elseif ( wp_http_validate_url( $feed_url ) ) {
+			$feed_url = trim( $this->smart_convert( esc_url_raw( $feed_url ) ) );
 		} else {
-			$feed_url = trim( $this->smart_convert( $feed_url ) );
+			$feed_url = '';
 		}
 
 		return $feed_url;