Commit 9a598b7c authored by webchick's avatar webchick

Issue #2089327 by thedavidmeister, Cyberschorsch: Remove / deprecate calls to...

Issue #2089327 by thedavidmeister, Cyberschorsch: Remove / deprecate calls to drupal_strip_dangerous_protocols(); use \Drupal\Component\Utility\Url::stripDangerousProtocols() instead.
parent c2d9dfca
......@@ -729,8 +729,8 @@ function drupal_strip_dangerous_protocols($uri) {
* value within a $attributes array passed to Drupal\Core\Template\Attribute,
* because Drupal\Core\Template\Attribute expects those values to be
* plain-text strings. To pass a filtered URI to
* Drupal\Core\Template\Attribute, call drupal_strip_dangerous_protocols()
* instead.
* Drupal\Core\Template\Attribute, call
* \Drupal\Component\Utility\Url::stripDangerousProtocols() instead.
*
* @see \Drupal\Component\Utility\Url::stripDangerousProtocols()
* @see \Drupal\Component\Utility\String::checkPlain()
......
......@@ -8,6 +8,7 @@
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\NestedArray;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Url;
use Drupal\Core\Form\FormInterface;
use Drupal\Core\Form\BaseFormIdInterface;
use Drupal\Core\Database\Database;
......@@ -4534,7 +4535,7 @@ function form_pre_render_color($element) {
function theme_form($variables) {
$element = $variables['element'];
if (isset($element['#action'])) {
$element['#attributes']['action'] = drupal_strip_dangerous_protocols($element['#action']);
$element['#attributes']['action'] = Url::stripDangerousProtocols($element['#action']);
}
element_set_attributes($element, array('method', 'id'));
if (empty($element['#attributes']['accept-charset'])) {
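Review bot: The `action` assignment in theme_form() has no comment saying why the URI is only protocol-filtered and not HTML-encoded. The docblock edited in the first section of this commit says values handed to Drupal\Core\Template\Attribute must be plain-text strings, and `$element['#attributes']` presumably ends up there. A one-line comment such as `// Strip dangerous protocols only; the attribute value must stay plain text, so do not use check_url() here.` would keep a later edit from swapping in check_url() and double-encoding the action. theme_form() continues past the end of the hunk.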
......
......@@ -9,6 +9,7 @@
*/
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Url;
use Drupal\Core\Cache\CacheBackendInterface;
use Drupal\Core\Config\Config;
use Drupal\Core\Language\Language;
......@@ -2554,7 +2555,7 @@ function template_preprocess_html(&$variables) {
if (theme_get_setting('features.favicon')) {
$favicon = theme_get_setting('favicon.url');
$type = theme_get_setting('favicon.mimetype');
drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => drupal_strip_dangerous_protocols($favicon), 'type' => $type));
drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => Url::stripDangerousProtocols($favicon), 'type' => $type));
}
$site_config = \Drupal::config('system.site');
......@@ -2837,7 +2838,7 @@ function template_preprocess_maintenance_page(&$variables) {
if (theme_get_setting('features.favicon')) {
$favicon = theme_get_setting('favicon.url');
$type = theme_get_setting('favicon.mimetype');
drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => drupal_strip_dangerous_protocols($favicon), 'type' => $type));
drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => Url::stripDangerousProtocols($favicon), 'type' => $type));
}
// Get all region content set with drupal_add_region_content().
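Review bot: The favicon block in template_preprocess_maintenance_page() is a line-for-line copy of the one in template_preprocess_html(), including the `Url::stripDangerousProtocols($favicon)` call, so the filtering applied to the `href` has to be kept in step in two places. A small shared helper called from both preprocess functions would leave a single place where the favicon URL is filtered before it reaches drupal_add_html_head_link(). Both functions start and end outside the visible hunks.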
......
......@@ -224,10 +224,10 @@ public function generateFromPath($path = NULL, $options = array()) {
if (!isset($options['external'])) {
// Return an external link if $path contains an allowed absolute URL. Only
// call the slow drupal_strip_dangerous_protocols() if $path contains a ':'
// before any / ? or #. Note: we could use url_is_external($path) here, but
// that would require another function call, and performance inside url() is
// critical.
// call the slow \Drupal\Component\Utility\Url::stripDangerousProtocols()
// if $path contains a ':' before any / ? or #. Note: we could use
// url_is_external($path) here, but that would require another function
// call, and performance inside url() is critical.
$colonpos = strpos($path, ':');
$options['external'] = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && Url::stripDangerousProtocols($path) == $path);
}
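Review bot: The `$options['external']` line compares `Url::stripDangerousProtocols($path) == $path` with loose equality. This commit only rewraps the comment above it, but the external-link decision depends on the filtered path being identical to the input. Assuming the method always returns a string, `===` states that intent and sidesteps PHP's numeric-string comparison rules: `... && Url::stripDangerousProtocols($path) === $path);`. generateFromPath() starts and ends outside the hunk.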
......
......@@ -7,6 +7,7 @@
namespace Drupal\system\Tests\Common;
use Drupal\Component\Utility\Url;
use Drupal\simpletest\DrupalUnitTestBase;
/**
......@@ -53,12 +54,12 @@ function testT() {
*/
function testBadProtocolStripping() {
// Ensure that check_url() strips out harmful protocols, and encodes for
// HTML. Ensure drupal_strip_dangerous_protocols() can be used to return a
// plain-text string stripped of harmful protocols.
// HTML. Ensure \Drupal\Component\Utility\Url::stripDangerousProtocols() can
// be used to return a plain-text string stripped of harmful protocols.
$url = 'javascript:http://www.example.com/?x=1&y=2';
$expected_plain = 'http://www.example.com/?x=1&y=2';
$expected_html = 'http://www.example.com/?x=1&y=2';
$this->assertIdentical(check_url($url), $expected_html, 'check_url() filters a URL and encodes it for HTML.');
$this->assertIdentical(drupal_strip_dangerous_protocols($url), $expected_plain, 'drupal_strip_dangerous_protocols() filters a URL and returns plain text.');
$this->assertIdentical(Url::stripDangerousProtocols($url), $expected_plain, '\Drupal\Component\Utility\Url::stripDangerousProtocols() filters a URL and returns plain text.');
}
}
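Review bot: With the last assertion of testBadProtocolStripping() switched to `Url::stripDangerousProtocols()`, nothing visible here still exercises drupal_strip_dangerous_protocols(), which the first hunk header on this page suggests remains in common.inc as a wrapper. If the wrapper stays for backward compatibility, keep one assertion for it next to the new one until it is removed, e.g. `$this->assertIdentical(drupal_strip_dangerous_protocols($url), $expected_plain, ...);`. As rendered on this page `$expected_html` and `$expected_plain` are the same string; that is presumably an `&amp;` lost in rendering, but if the file really holds identical values, the check_url() assertion does not verify HTML encoding.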
......@@ -1785,8 +1785,8 @@ function system_update_8034() {
* Move filter_allowed_protocols variable to config.
*
* This config is provided now by the system module because it is used by
* drupal_strip_dangerous_protocols() and must to be available before the filter
* module be installed.
* \Drupal\Component\Utility\Url::stripDangerousProtocols() and must to be
* available before the filter module be installed.
*
* @ingroup config_upgrade
*/
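Review bot: The rewrapped sentence in this update-function docblock keeps the grammar errors "must to be available" and "module be installed". Since both lines are being rewritten anyway, they could read `\Drupal\Component\Utility\Url::stripDangerousProtocols() and must be available` / `before the filter module is installed.`. The function the docblock belongs to is outside the hunk.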
......