Commit f12b1b63 authored by Dries's avatar Dries

- Patch #354812 by catch, mfer: filter_xss_bad_protocol is called hundreds of times on some pages.

parent 610bc6f7
......@@ -1836,7 +1836,7 @@ function l($text, $path, array $options = array()) {
$options['attributes']['title'] = strip_tags($options['attributes']['title']);
}
return '<a href="' . check_url(url($path, $options)) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>';
return '<a href="' . url($path, $options) . '"' . drupal_attributes($options['attributes']) . '>' . ($options['html'] ? $text : check_plain($text)) . '</a>';
}
/**
......
<?php
// $Id$
/**
* Tests for the l() function.
*/
class CommonLUnitTest extends DrupalWebTestCase {
function getInfo() {
return array(
'name' => t('Tests for the l() function'),
'description' => t('Confirm that url() works correctly with various input.'),
'group' => t('System'),
);
}
/**
* Confirm that invalid text given as $path is filtered.
*/
function testLXSS() {
$text = $this->randomName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = l($text, $path);
$sanitized_path = check_url(url($path));
$this->assertTrue(strpos($link, $sanitized_path) != FALSE, t('XSS attack @path was filtered', array('@path' => $path)));
}
}
class CommonSizeTestCase extends DrupalWebTestCase {
protected $exact_test_cases;
protected $rounded_test_cases;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment