From faddf4c6c27895bae5b6df8adf8cfa36c7f62bc1 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Sun, 16 May 2021 04:33:16 +0200
Subject: [PATCH] Unescape HTML in URLs parsed from user input
Escapes tokens like & to &, so GET parameters are correctly preserved.
Fixes: #274
---
 util.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/util.py b/util.py
index 3d4fa66..fb67a14 100644
--- a/util.py
+++ b/util.py
@@ -2,6 +2,7 @@
 # coding=utf-8
 import hashlib
+import html
 import magic
 import os
 import io
@@ -311,7 +312,8 @@ def get_url_from_input(string):
 match = re.search("(http|https)://(\S*)?/(\S*)", string, flags=re.IGNORECASE)
 if match:
 url = match[1].lower() + "://" + match[2].lower() + "/" + match[3]
- return url
+ # https://github.com/mumble-voip/mumble/issues/4999
+ return html.unescape(url)
 else:
 return ""
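Review bot: In the second hunk, `html.unescape(url)` runs after the `\S*` groups have already decided where the URL ends, so character references for whitespace or control characters in the user's message are decoded into the returned URL even though the pattern was written to exclude them. Decoding before matching keeps the regex and the `.lower()` calls working on the final text: add `string = html.unescape(string)` ahead of the `re.search(...)` line and keep `return url`. How much this matters depends on where the callers send the result (a downloader, a subprocess, a log line), which is not visible here, so it is worth confirming that none of them assume a whitespace-free value. The bare issue link would also read better with the reason next to it, e.g. `# Input arrives HTML-escaped (see mumble issue 4999); decode so "&" in query strings survives`. The function's `def` line appears only in the hunk header, so anything between it and `match = ...` is outside this view.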