opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to Drupal 8.0.4. For more information, see https://www.drupal.org/drupal-8.0.4

Browse source
This commit is contained in:
Pantheon Automation 2016-02-24 13:20:32 -08:00 committed by Greg Anderson
parent 9db4fae9a7
commit 315484f62f
7 changed files with 205 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

17
core/lib/Drupal/Component/Utility/UrlHelper.php
View file

@ -216,12 +216,19 @@ class UrlHelper {
*/
public static function isExternal($path) {
$colonpos = strpos($path, ':');
// Avoid calling drupal_strip_dangerous_protocols() if there is any slash
// (/), hash (#) or question_mark (?) before the colon (:) occurrence - if
// any - as this would clearly mean it is not a URL. If the path starts with
// 2 slashes then it is always considered an external URL without an
// explicit protocol part.
// Some browsers treat \ as / so normalize to forward slashes.
$path = str_replace('\\', '/', $path);
// If the path starts with 2 slashes then it is always considered an
// external URL without an explicit protocol part.
return (strpos($path, '//') === 0)
// Leading control characters may be ignored or mishandled by browsers,
// so assume such a path may lead to an external location. The \p{C}
// character class matches all UTF-8 control, unassigned, and private
// characters.
|| (preg_match('/^\p{C}/u', $path) !== 0)
// Avoid calling static::stripDangerousProtocols() if there is any slash
// (/), hash (#) or question_mark (?) before the colon (:) occurrence -
// if any - as this would clearly mean it is not a URL.
|| ($colonpos !== FALSE
&& !preg_match('![/?#]!', substr($path, 0, $colonpos))
&& static::stripDangerousProtocols($path) == $path);