From d6068c47a73468f1ca56eafc4cd5aadea3968ea8 Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Wed, 8 Jun 2016 10:36:33 -0700
Subject: [PATCH] Allow only "http" and "https" URLs

---
 manifest/fetch.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifest/fetch.go b/manifest/fetch.go
index 98033e0..93b61f6 100644
--- a/manifest/fetch.go
+++ b/manifest/fetch.go
@@ -25,7 +25,7 @@ func Fetch(library, repo string) (string, string, *Manifest2822, error) {
 }
 
 u, err := url.Parse(repo)
- if err == nil && u.IsAbs() {
+ if err == nil && u.IsAbs() && (u.Scheme == "http" || u.Scheme == "https") {
 // must be remote URL!
 resp, err := http.Get(repo)
 if err != nil {
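Review bot: The new condition on the `if` line restricts the scheme but not the destination, and it still admits plain `http`, so the manifest fetched by `http.Get(repo)` has no transport integrity and the request can go to any host the process can reach. `http.Get` uses `http.DefaultClient`, which follows redirects and has no timeout; if `repo` can come from an untrusted caller (not visible in this hunk), consider accepting `https` only, or at least a dedicated client with a timeout, for example `&http.Client{Timeout: 30 * time.Second}`. `u.IsAbs()` is now redundant because it only tests for a non-empty scheme, so the condition can read `err == nil && (u.Scheme == "http" || u.Scheme == "https")`. Absolute URLs with other schemes now fall through to whatever follows this block instead of failing in `http.Get`; Fetch's body continues outside the hunk, so a comment such as `// any other scheme is not fetched remotely and is handled below` would make that intent explicit.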