From 00058aa09499c40f2fb99580dd1fe82397da1c2c Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sun, 23 Jun 2024 09:44:25 +0200
Subject: allow host names with underscores, allow more characters from URLs
 (#8965)

---
 src/util/payto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/util/payto.c')

diff --git a/src/util/payto.c b/src/util/payto.c
index 90a3f26ce..a471175a9 100644
--- a/src/util/payto.c
+++ b/src/util/payto.c
@@ -293,6 +293,7 @@ validate_payto_xtalerbank (const char *account_url)
       else
       {
         if (! ( ('-' == c) ||
+                ('_' == c) ||
                 ( ('0' <= c) && ('9' >= c) ) ||
                 ( ('a' <= c) && ('z' >= c) ) ||
                 ( ('A' <= c) && ('Z' >= c) ) ) )
@@ -342,7 +343,7 @@ TALER_payto_validate (const char *payto_uri)
     /* This is more strict than RFC 8905, alas we do not need to support messages/instructions/etc.,
        and it is generally better to start with a narrow whitelist; we can be more permissive later ...*/
 #define ALLOWED_CHARACTERS \
-  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/:&?-_.,=+%~"
+        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/:$&?!-_.,;=*+%~@()[]"
     if (NULL == strchr (ALLOWED_CHARACTERS,
                         (int) payto_uri[i]))
     {
-- 
cgit v1.2.3