Révision 134c7813
Ajouté par Mathieu Schiano Di Schiabica il y a environ 8 ans
| drupal7/includes/common.inc | ||
|---|---|---|
| 688 | 688 |
$options['fragment'] = $destination['fragment']; |
| 689 | 689 |
} |
| 690 | 690 |
|
| 691 |
// In some cases modules call drupal_goto(current_path()). We need to ensure |
|
| 692 |
// that such a redirect is not to an external URL. |
|
| 693 |
if ($path === current_path() && empty($options['external']) && url_is_external($path)) {
|
|
| 694 |
// Force url() to generate a non-external URL. |
|
| 695 |
$options['external'] = FALSE; |
|
| 696 |
} |
|
| 697 |
|
|
| 691 | 698 |
drupal_alter('drupal_goto', $path, $options, $http_response_code);
|
| 692 | 699 |
|
| 693 | 700 |
// The 'Location' HTTP header must be absolute. |
| ... | ... | |
| 2220 | 2227 |
'prefix' => '' |
| 2221 | 2228 |
); |
| 2222 | 2229 |
|
| 2223 |
// A duplicate of the code from url_is_external() to avoid needing another |
|
| 2224 |
// function call, since performance inside url() is critical. |
|
| 2225 | 2230 |
if (!isset($options['external'])) {
|
| 2226 |
// Return an external link if $path contains an allowed absolute URL. Avoid |
|
| 2227 |
// calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
| 2228 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - |
|
| 2229 |
// as this would clearly mean it is not a URL. If the path starts with 2 |
|
| 2230 |
// slashes then it is always considered an external URL without an explicit |
|
| 2231 |
// protocol part. |
|
| 2232 |
$colonpos = strpos($path, ':'); |
|
| 2233 |
$options['external'] = (strpos($path, '//') === 0) |
|
| 2234 |
|| ($colonpos !== FALSE |
|
| 2235 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos))
|
|
| 2236 |
&& drupal_strip_dangerous_protocols($path) == $path); |
|
| 2231 |
$options['external'] = url_is_external($path); |
|
| 2237 | 2232 |
} |
| 2238 | 2233 |
|
| 2239 | 2234 |
// Preserve the original path before altering or aliasing. |
| ... | ... | |
| 2353 | 2348 |
*/ |
| 2354 | 2349 |
function url_is_external($path) {
|
| 2355 | 2350 |
$colonpos = strpos($path, ':'); |
| 2356 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
| 2357 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - as |
|
| 2358 |
// this would clearly mean it is not a URL. If the path starts with 2 slashes |
|
| 2359 |
// then it is always considered an external URL without an explicit protocol |
|
| 2360 |
// part. |
|
| 2351 |
// Some browsers treat \ as / so normalize to forward slashes. |
|
| 2352 |
$path = str_replace('\\', '/', $path);
|
|
| 2353 |
// If the path starts with 2 slashes then it is always considered an external |
|
| 2354 |
// URL without an explicit protocol part. |
|
| 2361 | 2355 |
return (strpos($path, '//') === 0) |
| 2356 |
// Leading control characters may be ignored or mishandled by browsers, so |
|
| 2357 |
// assume such a path may lead to an external location. The \p{C} character
|
|
| 2358 |
// class matches all UTF-8 control, unassigned, and private characters. |
|
| 2359 |
|| (preg_match('/^\p{C}/u', $path) !== 0)
|
|
| 2360 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any slash |
|
| 2361 |
// (/), hash (#) or question_mark (?) before the colon (:) occurrence - if |
|
| 2362 |
// any - as this would clearly mean it is not a URL. |
|
| 2362 | 2363 |
|| ($colonpos !== FALSE |
| 2363 | 2364 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos))
|
| 2364 | 2365 |
&& drupal_strip_dangerous_protocols($path) == $path); |
Formats disponibles : Unified diff
Update to 7.43