Commit 17561142 authored by catch's avatar catch

Issue #2221695 by brantwynn, ianthomas_uk, grom358, ParisLiakos, Jalandhar:...

Issue #2221695 by brantwynn, ianthomas_uk, grom358, ParisLiakos, Jalandhar: Remove uses of deprecated URL functions.
parent 4a6f2481
......@@ -5,6 +5,7 @@
* API for handling file uploads and server file management.
*/
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\StreamWrapper\LocalStream;
use Drupal\Component\PhpStorage\FileStorage;
use Drupal\Component\Utility\Settings;
......@@ -472,7 +473,7 @@ function file_create_url($uri) {
else {
// If this is not a properly formatted stream, then it is a shipped file.
// Therefore, return the urlencoded URI with the base URL prepended.
return $GLOBALS['base_url'] . '/' . drupal_encode_path($uri);
return $GLOBALS['base_url'] . '/' . UrlHelper::encodePath($uri);
}
}
elseif ($scheme == 'http' || $scheme == 'https') {
......
......@@ -2624,7 +2624,7 @@ function form_validate_url(&$element, &$form_state) {
$value = trim($element['#value']);
form_set_value($element, $value, $form_state);
if ($value !== '' && !valid_url($value, TRUE)) {
if ($value !== '' && !UrlHelper::isValid($value, TRUE)) {
form_error($element, $form_state, t('The URL %url is not valid.', array('%url' => $value)));
}
}
......
<?php
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\UserAgent;
use Drupal\Component\Utility\Crypt;
......@@ -846,7 +847,7 @@ function install_get_form($form_id, array &$install_state) {
* @see install_full_redirect_url()
*/
function install_redirect_url($install_state) {
return 'core/install.php?' . drupal_http_build_query($install_state['parameters']);
return 'core/install.php?' . UrlHelper::buildQuery($install_state['parameters']);
}
/**
......
......@@ -9,6 +9,7 @@
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\OpCodeCache;
use Drupal\Component\Utility\Settings;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Database\Database;
use Drupal\Core\DrupalKernel;
use Drupal\Core\Extension\ExtensionDiscovery;
......@@ -908,7 +909,7 @@ function drupal_current_script_url($query = array()) {
$uri = $_SERVER['SCRIPT_NAME'];
$query = array_merge(drupal_get_query_parameters(), $query);
if (!empty($query)) {
$uri .= '?' . drupal_http_build_query($query);
$uri .= '?' . UrlHelper::buildQuery($query);
}
return $uri;
}
......
......@@ -7,6 +7,7 @@
namespace Drupal\Core\EventSubscriber;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Routing\UrlGeneratorInterface;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
......@@ -54,8 +55,8 @@ public function checkRedirectUrl(FilterResponseEvent $event) {
// the following exception:
// - Absolute URLs that point to this site (i.e. same base URL and
// base path) are allowed.
if ($destination && (!url_is_external($destination) || _external_url_is_local($destination))) {
$destination = drupal_parse_url($destination);
if ($destination && (!UrlHelper::isExternal($destination) || UrlHelper::externalIsLocal($destination, base_path()))) {
$destination = UrlHelper::parse($destination);
$path = $destination['path'];
$options['query'] = $destination['query'];
......
......@@ -246,8 +246,9 @@ public function generateFromPath($path = NULL, $options = array()) {
// call the slow
// \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() if $path
// contains a ':' before any / ? or #. Note: we could use
// url_is_external($path) here, but that would require another function
// call, and performance inside url() is critical.
// \Drupal\Component\Utility\UrlHelper::isExternal($path) here, but that
// would require another function call, and performance inside url() is
// critical.
$colonpos = strpos($path, ':');
$options['external'] = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && UrlHelper::stripDangerousProtocols($path) == $path);
}
......
......@@ -7,6 +7,7 @@
namespace Drupal\Core\StreamWrapper;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\Settings;
/**
......@@ -29,7 +30,7 @@ public function getDirectoryPath() {
*/
public function getExternalUrl() {
$path = str_replace('\\', '/', $this->getTarget());
return $GLOBALS['base_url'] . '/' . self::getDirectoryPath() . '/' . drupal_encode_path($path);
return $GLOBALS['base_url'] . '/' . self::getDirectoryPath() . '/' . UrlHelper::encodePath($path);
}
/**
......
......@@ -7,6 +7,7 @@
namespace Drupal\contextual\Plugin\views\field;
use Drupal\Component\Utility\UrlHelper;
use Drupal\views\Plugin\views\field\FieldPluginBase;
use Drupal\views\ResultRow;
use Drupal\Component\Utility\Json;
......@@ -115,7 +116,7 @@ public function render(ResultRow $values) {
'',
array(),
array(
'contextual-views-field-links' => drupal_encode_path(Json::encode($links)),
'contextual-views-field-links' => UrlHelper::encodePath(Json::encode($links)),
)
)
);
......
......@@ -11,6 +11,7 @@
*/
use Drupal\Component\Utility\Json;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Language\Language;
......@@ -1121,7 +1122,7 @@ function _locale_strip_quotes($string) {
function _locale_parse_js_file($filepath) {
// The file path might contain a query string, so make sure we only use the
// actual file.
$parsed_url = drupal_parse_url($filepath);
$parsed_url = UrlHelper::parse($filepath);
$filepath = $parsed_url['path'];
// If there is still a protocol component in the path, reject that.
......
......@@ -7,6 +7,7 @@
namespace Drupal\menu_link\Entity;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Entity\Entity;
use Drupal\Core\Entity\EntityStorageInterface;
......@@ -476,7 +477,7 @@ public function preSave(EntityStorageInterface $storage) {
// This is the easiest way to handle the unique internal path '<front>',
// since a path marked as external does not need to match a route.
$this->external = (url_is_external($this->link_path) || $this->link_path == '<front>') ? 1 : 0;
$this->external = (UrlHelper::isExternal($this->link_path) || $this->link_path == '<front>') ? 1 : 0;
// Try to find a parent link. If found, assign it and derive its menu.
$parent = $this->findParent($storage);
......
......@@ -7,6 +7,7 @@
namespace Drupal\menu_link;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Entity\EntityFormController;
use Drupal\Core\Language\Language;
use Drupal\Core\Path\AliasManagerInterface;
......@@ -212,7 +213,7 @@ public function validate(array $form, array &$form_state) {
$menu_link->link_path = $normal_path;
$form_state['values']['link_path'] = $normal_path;
}
if (!url_is_external($menu_link->link_path)) {
if (!UrlHelper::isExternal($menu_link->link_path)) {
$parsed_link = parse_url($menu_link->link_path);
if (isset($parsed_link['query'])) {
$menu_link->options['query'] = array();
......
......@@ -5,6 +5,7 @@
* Allows users to manage customizable lists of shortcut links.
*/
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Routing\UrlMatcher;
use Drupal\Core\Url;
use Drupal\shortcut\ShortcutSetInterface;
......@@ -278,7 +279,7 @@ function shortcut_valid_link($path) {
}
// An empty path is valid too and will be converted to <front>.
return (!url_is_external($path) && (\Drupal::service('router.route_provider')->getRoutesByPattern('/' . $path)->count() > 0)) || empty($path) || $path == '<front>';
return (!UrlHelper::isExternal($path) && (\Drupal::service('router.route_provider')->getRoutesByPattern('/' . $path)->count() > 0)) || empty($path) || $path == '<front>';
}
/**
......
......@@ -7,6 +7,7 @@
namespace Drupal\system\Tests\Common;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Language\Language;
use Drupal\simpletest\WebTestBase;
use Symfony\Component\HttpFoundation\Request;
......@@ -25,7 +26,7 @@ class UrlTest extends WebTestBase {
public static function getInfo() {
return array(
'name' => 'URL generation tests',
'description' => 'Confirm that url(), drupal_get_query_parameters(), drupal_http_build_query(), and l() work correctly with various input.',
'description' => 'Confirm that url(), drupal_get_query_parameters(), \Drupal\Component\Utility\UrlHelper::buildQuery(), and l() work correctly with various input.',
'group' => 'Common',
);
}
......@@ -219,7 +220,7 @@ function testDrupalGetQueryParameters() {
}
/**
* Tests drupal_parse_url().
* Tests UrlHelper::parse().
*/
function testDrupalParseUrl() {
// Relative, absolute, and external URLs, without/with explicit script path,
......@@ -233,7 +234,7 @@ function testDrupalParseUrl() {
'query' => array('foo' => 'bar', 'bar' => 'baz', 'baz' => ''),
'fragment' => 'foo',
);
$this->assertEqual(drupal_parse_url($url), $expected, 'URL parsed correctly.');
$this->assertEqual(UrlHelper::parse($url), $expected, 'URL parsed correctly.');
}
}
}
......@@ -245,15 +246,15 @@ function testDrupalParseUrl() {
'query' => array(),
'fragment' => '',
);
$this->assertEqual(drupal_parse_url($url), $result, 'Relative URL parsed correctly.');
$this->assertEqual(UrlHelper::parse($url), $result, 'Relative URL parsed correctly.');
// Test that drupal can recognize an absolute URL. Used to prevent attack vectors.
$url = 'http://drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
$this->assertTrue(url_is_external($url), 'Correctly identified an external URL.');
$this->assertTrue(UrlHelper::isExternal($url), 'Correctly identified an external URL.');
// Test that drupal_parse_url() does not allow spoofing a URL to force a malicious redirect.
$parts = drupal_parse_url('forged:http://cwe.mitre.org/data/definitions/601.html');
$this->assertFalse(valid_url($parts['path'], TRUE), 'drupal_parse_url() correctly parsed a forged URL.');
// Test that UrlHelper::parse() does not allow spoofing a URL to force a malicious redirect.
$parts = UrlHelper::parse('forged:http://cwe.mitre.org/data/definitions/601.html');
$this->assertFalse(UrlHelper::isValid($parts['path'], TRUE), '\Drupal\Component\Utility\UrlHelper::isValid() correctly parsed a forged URL.');
}
/**
......
......@@ -9,6 +9,7 @@
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\Xss;
use Drupal\views\Plugin\views\HandlerBase;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
......@@ -1424,7 +1425,7 @@ protected function renderAsLink($alter, $text, $tokens) {
if (isset($alter['query'])) {
// Convert the query to a string, perform token replacement, and then
// convert back to an array form for l().
$options['query'] = drupal_http_build_query($alter['query']);
$options['query'] = UrlHelper::buildQuery($alter['query']);
$options['query'] = strtr($options['query'], $tokens);
$query = array();
parse_str($options['query'], $query);
......
......@@ -7,6 +7,7 @@
namespace Drupal\views\Tests\Handler;
use Drupal\Component\Utility\UrlHelper;
use Drupal\views\Views;
/**
......@@ -284,11 +285,11 @@ public function testAlterUrl() {
$id_field->options['alter']['path_case'] = 'ucfirst';
$id_field->options['alter']['path'] = 'drupal has a great community';
$output = $id_field->theme($row);
$this->assertSubString($output, drupal_encode_path('Drupal has a great community'));
$this->assertSubString($output, UrlHelper::encodePath('Drupal has a great community'));
$id_field->options['alter']['path_case'] = 'ucwords';
$output = $id_field->theme($row);
$this->assertSubString($output, drupal_encode_path('Drupal Has A Great Community'));
$this->assertSubString($output, UrlHelper::encodePath('Drupal Has A Great Community'));
unset($id_field->options['alter']['path_case']);
// Tests the linkclass setting and see whether it actuall exists in the output.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment