Skip to content
Snippets Groups Projects

Issue #2031149: State as patch in #48

Open Issue #2031149: State as patch in #48
issue/drupal-2031149:2031149-link-field-protocols into 11.x
5 unresolved threads
Open s_leu requested to merge issue/drupal-2031149:2031149-link-field-protocols into 11.x
5 unresolved threads
Compare
and
13 files
+ 198
7
Compare changes
  • Side-by-side
  • Inline
Files
13
core/lib/Drupal/Component/Utility/UrlHelper.php
+ 8
4
@@ -256,11 +256,13 @@ public static function encodePath($path) {
* @param string $path
* The internal path or external URL being linked to, such as "node/34" or
* "https://example.com/foo".
* @param string[] $allowed_protocols
* The list of custom allowed protocols.
*
* @return bool
* TRUE or FALSE, where TRUE indicates an external path.
*/
public static function isExternal($path) {
public static function isExternal($path, array $allowed_protocols = []) {
$colon_position = strpos($path, ':');
// Some browsers treat \ as / so normalize to forward slashes.
$path = str_replace('\\', '/', $path);
@@ -277,7 +279,7 @@ public static function isExternal($path) {
// if any - as this would clearly mean it is not a URL.
|| ($colon_position !== FALSE
&& !preg_match('![/?#]!', substr($path, 0, $colon_position))
&& static::stripDangerousProtocols($path) == $path);
&& static::stripDangerousProtocols($path, $allowed_protocols) == $path);
}
/**
@@ -388,6 +390,8 @@ public static function setAllowedProtocols(array $protocols = []) {
*
* @param string $uri
* A plain-text URI that might contain dangerous protocols.
* @param string[] $allowed_protocols
* The list of custom allowed protocols.
*
* @return string
* A plain-text URI stripped of dangerous protocols. As with all plain-text
@@ -399,8 +403,8 @@ public static function setAllowedProtocols(array $protocols = []) {
* @see \Drupal\Core\Url::toString()
* @see \Drupal\Core\Url::fromUri()
*/
public static function stripDangerousProtocols($uri) {
$allowed_protocols = array_flip(static::$allowedProtocols);
public static function stripDangerousProtocols($uri, array $allowed_protocols = []) {
$allowed_protocols = array_flip(array_merge(static::$allowedProtocols, $allowed_protocols));
// Iteratively remove any invalid protocol found.
do {