Révision 134c7813
Ajouté par Mathieu Schiano Di Schiabica il y a environ 8 ans
drupal7/includes/common.inc | ||
---|---|---|
688 | 688 |
$options['fragment'] = $destination['fragment']; |
689 | 689 |
} |
690 | 690 |
|
691 |
// In some cases modules call drupal_goto(current_path()). We need to ensure |
|
692 |
// that such a redirect is not to an external URL. |
|
693 |
if ($path === current_path() && empty($options['external']) && url_is_external($path)) { |
|
694 |
// Force url() to generate a non-external URL. |
|
695 |
$options['external'] = FALSE; |
|
696 |
} |
|
697 |
|
|
691 | 698 |
drupal_alter('drupal_goto', $path, $options, $http_response_code); |
692 | 699 |
|
693 | 700 |
// The 'Location' HTTP header must be absolute. |
... | ... | |
2220 | 2227 |
'prefix' => '' |
2221 | 2228 |
); |
2222 | 2229 |
|
2223 |
// A duplicate of the code from url_is_external() to avoid needing another |
|
2224 |
// function call, since performance inside url() is critical. |
|
2225 | 2230 |
if (!isset($options['external'])) { |
2226 |
// Return an external link if $path contains an allowed absolute URL. Avoid |
|
2227 |
// calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
2228 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - |
|
2229 |
// as this would clearly mean it is not a URL. If the path starts with 2 |
|
2230 |
// slashes then it is always considered an external URL without an explicit |
|
2231 |
// protocol part. |
|
2232 |
$colonpos = strpos($path, ':'); |
|
2233 |
$options['external'] = (strpos($path, '//') === 0) |
|
2234 |
|| ($colonpos !== FALSE |
|
2235 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos)) |
|
2236 |
&& drupal_strip_dangerous_protocols($path) == $path); |
|
2231 |
$options['external'] = url_is_external($path); |
|
2237 | 2232 |
} |
2238 | 2233 |
|
2239 | 2234 |
// Preserve the original path before altering or aliasing. |
... | ... | |
2353 | 2348 |
*/ |
2354 | 2349 |
function url_is_external($path) { |
2355 | 2350 |
$colonpos = strpos($path, ':'); |
2356 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
2357 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - as |
|
2358 |
// this would clearly mean it is not a URL. If the path starts with 2 slashes |
|
2359 |
// then it is always considered an external URL without an explicit protocol |
|
2360 |
// part. |
|
2351 |
// Some browsers treat \ as / so normalize to forward slashes. |
|
2352 |
$path = str_replace('\\', '/', $path); |
|
2353 |
// If the path starts with 2 slashes then it is always considered an external |
|
2354 |
// URL without an explicit protocol part. |
|
2361 | 2355 |
return (strpos($path, '//') === 0) |
2356 |
// Leading control characters may be ignored or mishandled by browsers, so |
|
2357 |
// assume such a path may lead to an external location. The \p{C} character |
|
2358 |
// class matches all UTF-8 control, unassigned, and private characters. |
|
2359 |
|| (preg_match('/^\p{C}/u', $path) !== 0) |
|
2360 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any slash |
|
2361 |
// (/), hash (#) or question_mark (?) before the colon (:) occurrence - if |
|
2362 |
// any - as this would clearly mean it is not a URL. |
|
2362 | 2363 |
|| ($colonpos !== FALSE |
2363 | 2364 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos)) |
2364 | 2365 |
&& drupal_strip_dangerous_protocols($path) == $path); |
Formats disponibles : Unified diff
Update to 7.43