Use of wp_http_validate_url may be misused incorrectly.

[erenfro]

I discovered this issue in regards to the use of the function check_url, because when trying to add a "friend" that was linked to my own Friendica and later Mastodon website, run on the very same cluster of servers running my Wordpress site, that no traffic ever left Wordpress or my webserver specifically while resolving the mastodon's domain name to a local internal subnet IP. When changing this to an external internet address IP, however, things magically worked.

https://github.com/akirk/friends/blob/b04e45659bff29e2f99756ee09a45d5e12ab5e41/includes/class-friends.php#L1218

This call here, is intended for very specific use-cases, and I fear this may be one of the specific use cases this may or may not be legitimately useful for, as it's expecting a very specific protocol and only such.

Per a case I opened about this at Wordpress I feel this may be a case where this is probably hindering more than it should be.