Commit 1cdfe372 authored by webchick's avatar webchick

Issue #2076847 by zero2one, larowlan, Wim Leers, socketwench, mr.baileys:...

Issue #2076847 by zero2one, larowlan, Wim Leers, socketwench, mr.baileys: Fixed FilterHtmlImageSecure incorrectly flags images coming from site URLs with ports in them as insecure.
parent cde64227
......@@ -1381,7 +1381,7 @@ function _filter_html_image_secure_process($text) {
// Remove absolute URLs pointing to the local domain to prevent mixed
// content errors.
$request = \Drupal::request();
$image->setAttribute('src', preg_replace('|^https?://' . $request->getHost() . '|', '', $src));
$image->setAttribute('src', preg_replace('|^https?://' . $request->getHttpHost() . '|', '', $src));
// Verify that $src starts with $base_path.
// This also ensures that external images cannot be referenced.
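Review bot: On the new `getHttpHost()` line the request-derived host is concatenated into the pattern without `preg_quote()`, so each `.` in the host name matches any character and any other metacharacter in the value is interpreted as regex. I would write it as `preg_replace('|^https?://' . preg_quote($request->getHttpHost(), '|') . '|', '', $src)`. The pattern also does not anchor the end of the host, so a longer host name that merely begins with the site's host has its prefix stripped too. The `$base_path` check announced in the next comment appears to be what rejects the remainder, and a short comment stating that dependency would keep the two steps from being separated later. The body of `_filter_html_image_secure_process()` continues outside the hunk, so the check itself is not visible here.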
......
......@@ -97,9 +97,16 @@ function testImageSource() {
// Create a list of test image sources.
// The keys become the value of the IMG 'src' attribute, the values are the
// expected filter conversions.
$host = $this->container->get('request')->getHost();
$host_pattern = '|^http\://' . $host . '(\:[0-9]{0,5})|';
$images = array(
$http_base_url . '/' . $druplicon => base_path() . $druplicon,
$https_base_url . '/' . $druplicon => base_path() . $druplicon,
// Test a url that includes a port.
preg_replace($host_pattern, 'http://' . $host . ':', $http_base_url . '/' . $druplicon) => base_path() . $druplicon,
preg_replace($host_pattern, 'http://' . $host . ':80', $http_base_url . '/' . $druplicon) => base_path() . $druplicon,
preg_replace($host_pattern, 'http://' . $host . ':443', $http_base_url . '/' . $druplicon) => base_path() . $druplicon,
preg_replace($host_pattern, 'http://' . $host . ':8080', $http_base_url . '/' . $druplicon) => base_path() . $druplicon,
base_path() . $druplicon => base_path() . $druplicon,
$files_path . '/' . $test_image => $files_path . '/' . $test_image,
$http_base_url . '/' . $public_files_path . '/' . $test_image => $files_path . '/' . $test_image,
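Review bot: The port group in `$host_pattern` is mandatory (`(\:[0-9]{0,5})` has no `?`), so when `$http_base_url` carries no port the four `preg_replace()` calls return their subject unchanged. All four keys then equal the first `$http_base_url . '/' . $druplicon` entry, the array literal silently collapses them, and the port case is not exercised; whether the test base URL has a port cannot be told from this hunk. I would build the port URLs explicitly and add a comment such as `// Only the port of the current request is local; any other port is a different origin.` with the expected value chosen accordingly, since `:443` or `:8080` on a site served from another port is not the same origin. `$host` should also go through `preg_quote($host, '|')` before being placed in the pattern. `testImageSource()` starts and ends outside the hunk.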
......