Skip to content
Snippets Groups Projects
Commit 47cd92b2 authored by Angie Byron's avatar Angie Byron
Browse files

Issue #2423579 by mpdonadio, xjm, heilop, Wim Leers, webchick:... 

Issue #2423579 by mpdonadio, xjm, heilop, Wim Leers, webchick: Url::fromUrl('user-path:/') should throw an exception when a path component without a slash is given
parent 7c0e0e06
No related branches found
No related tags found
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Show whitespace changes
Inline Side-by-side
core/lib/Drupal/Core/Url.php
+ 6
0
View file @ 47cd92b2
...@@ -353,6 +353,9 @@ protected static function fromEntityUri(array $uri_parts, array $options, $uri) ...@@ -353,6 +353,9 @@ protected static function fromEntityUri(array $uri_parts, array $options, $uri)
* *
* @return \Drupal\Core\Url * @return \Drupal\Core\Url
* A new Url object for a 'user-path:' URI. * A new Url object for a 'user-path:' URI.
*
* @throws \InvalidArgumentException
* Thrown when the URI's path component doesn't have a leading slash.
*/ */
protected static function fromUserPathUri(array $uri_parts, array $options) { protected static function fromUserPathUri(array $uri_parts, array $options) {
// Both PathValidator::getUrlIfValidWithoutAccessCheck() and 'base:' URIs // Both PathValidator::getUrlIfValidWithoutAccessCheck() and 'base:' URIs
...@@ -366,6 +369,9 @@ protected static function fromUserPathUri(array $uri_parts, array $options) { ...@@ -366,6 +369,9 @@ protected static function fromUserPathUri(array $uri_parts, array $options) {
$uri_parts['path'] = '<front>'; $uri_parts['path'] = '<front>';
} }
else { else {
if ($uri_parts['path'][0] !== '/') {
throw new \InvalidArgumentException(String::format('The user-path path component "@path" is invalid. Its path component must have a leading slash, e.g. user-path:/foo.', ['@path' => $uri_parts['path']]));
}
// Remove the leading slash. // Remove the leading slash.
$uri_parts['path'] = substr($uri_parts['path'], 1); $uri_parts['path'] = substr($uri_parts['path'], 1);
} }
......
core/modules/link/src/Plugin/Field/FieldWidget/LinkWidget.php
+ 1
0
View file @ 47cd92b2
...@@ -154,6 +154,7 @@ public static function validateUriElement($element, FormStateInterface $form_sta ...@@ -154,6 +154,7 @@ public static function validateUriElement($element, FormStateInterface $form_sta
// https://www.drupal.org/node/2421941 // https://www.drupal.org/node/2421941
if (parse_url($uri, PHP_URL_SCHEME) === 'user-path' && !in_array($element['#value'][0], ['/', '?', '#'], TRUE) && substr($element['#value'], 0, 7) !== '<front>') { if (parse_url($uri, PHP_URL_SCHEME) === 'user-path' && !in_array($element['#value'][0], ['/', '?', '#'], TRUE) && substr($element['#value'], 0, 7) !== '<front>') {
$form_state->setError($element, t('Manually entered paths should start with /, ? or #.')); $form_state->setError($element, t('Manually entered paths should start with /, ? or #.'));
return;
} }
// If the URI is empty or not well-formed, the link field type's validation // If the URI is empty or not well-formed, the link field type's validation
......
core/tests/Drupal/Tests/Core/UrlTest.php
+ 72
0
View file @ 47cd92b2
...@@ -636,6 +636,78 @@ public function providerTestToUriStringForUserPath() { ...@@ -636,6 +636,78 @@ public function providerTestToUriStringForUserPath() {
]; ];
} }
/**
* Tests the fromUri() method with a valid user-path: URI.
*
* @covers ::fromUri
* @dataProvider providerFromValidUserPathUri
*/
public function testFromValidUserPathUri($path) {
$url = Url::fromUri('user-path:' . $path);
$this->assertInstanceOf('Drupal\Core\Url', $url);
}
/**
* Data provider for testFromValidUserPathUri().
*/
public function providerFromValidUserPathUri() {
return [
// Normal paths with a leading slash.
['/kittens'],
['/kittens/bengal'],
// Fragments with and without leading slashes.
['/#about-our-kittens'],
['/kittens#feeding'],
['#feeding'],
// Query strings with and without leading slashes.
['/kittens?page=1000'],
['/?page=1000'],
['?page=1000'],
// Paths with various token formats but no leading slash.
['/[duckies]'],
['/%bunnies'],
['/{{ puppies }}'],
// Disallowed characters in the authority (host name) that are valid
// elsewhere in the path.
['/(:;2&+h^'],
['/AKI@&hO@'],
];
}
/**
* Tests the fromUri() method with an invalid user-path: URI.
*
* @covers ::fromUri
* @expectedException \InvalidArgumentException
* @dataProvider providerFromInvalidUserPathUri
*/
public function testFromInvalidUserPathUri($path) {
Url::fromUri('user-path:' . $path);
}
/**
* Data provider for testFromInvalidUserPathUri().
*/
public function providerFromInvalidUserPathUri() {
return [
// Normal paths without a leading slash.
['kittens'],
['kittens/bengal'],
// Path without a leading slash containing a fragment.
['kittens#feeding'],
// Path without a leading slash containing a query string.
['kittens?page=1000'],
// Paths with various token formats but no leading slash.
['[duckies]'],
['%bunnies'],
['{{ puppies }}'],
// Disallowed characters in the authority (host name) that are valid
// elsewhere in the path.
['(:;2&+h^'],
['AKI@&hO@'],
];
}
/** /**
* Tests the toUriString() method with route: URIs. * Tests the toUriString() method with route: URIs.
* *
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment