From d53edc7d7ce323c237fcc19bd7c4a92c68c76276 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ricardo=20Gon=C3=A7alves?=
Date: Wed, 22 Aug 2018 11:37:07 -0300
Subject: [PATCH] Fix #1349. Detect http(s) and format it. Detect if action URL in the form doesn't start with http(s) and format it properly.
---
 includes/sanitizers/class-amp-form-sanitizer.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/includes/sanitizers/class-amp-form-sanitizer.php b/includes/sanitizers/class-amp-form-sanitizer.php
index 223cb826042..96901aba8e5 100644
--- a/includes/sanitizers/class-amp-form-sanitizer.php
+++ b/includes/sanitizers/class-amp-form-sanitizer.php
@@ -68,9 +68,8 @@ public function sanitize() {
 } else {
 $action_url = $node->getAttribute( 'action' );
 //check if action_url is a relative path and add the host to it
- preg_match('(^\/?[^\/].*)',$action_url,$matches);
- if ($matches){
- $action_url = '//' . $_SERVER['HTTP_HOST'] . $action_url;
+ if ( ! preg_match( '#^(https?:)?//#', $action_url ) ) {
+ $action_url = esc_url_raw( '//' . $_SERVER['HTTP_HOST'] . $action_url );
 }
 }
 $xhr_action = $node->getAttribute( 'action-xhr' );
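Review bot: The rewritten branch still builds the form action from `$_SERVER['HTTP_HOST']`, which comes from the request's Host header, and `esc_url_raw()` only cleans URL syntax; it does not confirm that the host is this site's. Taking the host from site configuration avoids writing a request-supplied origin into the sanitized markup, which matters most if that output is cached: `$action_url = esc_url_raw( '//' . wp_parse_url( home_url(), PHP_URL_HOST ) . '/' . ltrim( $action_url, '/' ) );` (append the port if the site runs on a non-default one). The `ltrim` form also closes a gap in the new condition: an action with no leading slash, such as `submit.php`, is currently appended directly to the host name and so produces a different host; this maps such values to the site root, so confirm that is the intended resolution. The pattern is case-sensitive as written, so a scheme typed as `HTTP://` would be prefixed too; `'#^(https?:)?//#i'` covers it. `sanitize()` begins and ends outside this hunk, so any host validation done elsewhere in the method is not visible here.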