Révision bceb9b7a
Ajouté par Florent Torregrosa il y a environ 9 ans
drupal7/includes/common.inc | ||
---|---|---|
2214 | 2214 |
'prefix' => '' |
2215 | 2215 |
); |
2216 | 2216 |
|
2217 |
// A duplicate of the code from url_is_external() to avoid needing another |
|
2218 |
// function call, since performance inside url() is critical. |
|
2217 | 2219 |
if (!isset($options['external'])) { |
2218 |
// Return an external link if $path contains an allowed absolute URL. Only |
|
2219 |
// call the slow drupal_strip_dangerous_protocols() if $path contains a ':' |
|
2220 |
// before any / ? or #. Note: we could use url_is_external($path) here, but |
|
2221 |
// that would require another function call, and performance inside url() is |
|
2222 |
// critical. |
|
2220 |
// Return an external link if $path contains an allowed absolute URL. Avoid |
|
2221 |
// calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
2222 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - |
|
2223 |
// as this would clearly mean it is not a URL. If the path starts with 2 |
|
2224 |
// slashes then it is always considered an external URL without an explicit |
|
2225 |
// protocol part. |
|
2223 | 2226 |
$colonpos = strpos($path, ':'); |
2224 |
$options['external'] = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path); |
|
2227 |
$options['external'] = (strpos($path, '//') === 0) |
|
2228 |
|| ($colonpos !== FALSE |
|
2229 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos)) |
|
2230 |
&& drupal_strip_dangerous_protocols($path) == $path); |
|
2225 | 2231 |
} |
2226 | 2232 |
|
2227 | 2233 |
// Preserve the original path before altering or aliasing. |
... | ... | |
2259 | 2265 |
return $path . $options['fragment']; |
2260 | 2266 |
} |
2261 | 2267 |
|
2268 |
// Strip leading slashes from internal paths to prevent them becoming external |
|
2269 |
// URLs without protocol. /example.com should not be turned into |
|
2270 |
// //example.com. |
|
2271 |
$path = ltrim($path, '/'); |
|
2272 |
|
|
2262 | 2273 |
global $base_url, $base_secure_url, $base_insecure_url; |
2263 | 2274 |
|
2264 | 2275 |
// The base_url might be rewritten from the language rewrite in domain mode. |
... | ... | |
2336 | 2347 |
*/ |
2337 | 2348 |
function url_is_external($path) { |
2338 | 2349 |
$colonpos = strpos($path, ':'); |
2339 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any |
|
2340 |
// slash (/), hash (#) or question_mark (?) before the colon (:) |
|
2341 |
// occurrence - if any - as this would clearly mean it is not a URL. |
|
2342 |
return $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path; |
|
2350 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
2351 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - as |
|
2352 |
// this would clearly mean it is not a URL. If the path starts with 2 slashes |
|
2353 |
// then it is always considered an external URL without an explicit protocol |
|
2354 |
// part. |
|
2355 |
return (strpos($path, '//') === 0) |
|
2356 |
|| ($colonpos !== FALSE |
|
2357 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos)) |
|
2358 |
&& drupal_strip_dangerous_protocols($path) == $path); |
|
2343 | 2359 |
} |
2344 | 2360 |
|
2345 | 2361 |
/** |
... | ... | |
2636 | 2652 |
|
2637 | 2653 |
// Keep old path for reference, and to allow forms to redirect to it. |
2638 | 2654 |
if (!isset($_GET['destination'])) { |
2639 |
$_GET['destination'] = $_GET['q']; |
|
2655 |
// Make sure that the current path is not interpreted as external URL. |
|
2656 |
if (!url_is_external($_GET['q'])) { |
|
2657 |
$_GET['destination'] = $_GET['q']; |
|
2658 |
} |
|
2640 | 2659 |
} |
2641 | 2660 |
|
2642 | 2661 |
$path = drupal_get_normal_path(variable_get('site_404', '')); |
... | ... | |
2665 | 2684 |
|
2666 | 2685 |
// Keep old path for reference, and to allow forms to redirect to it. |
2667 | 2686 |
if (!isset($_GET['destination'])) { |
2668 |
$_GET['destination'] = $_GET['q']; |
|
2687 |
// Make sure that the current path is not interpreted as external URL. |
|
2688 |
if (!url_is_external($_GET['q'])) { |
|
2689 |
$_GET['destination'] = $_GET['q']; |
|
2690 |
} |
|
2669 | 2691 |
} |
2670 | 2692 |
|
2671 | 2693 |
$path = drupal_get_normal_path(variable_get('site_403', '')); |
Formats disponibles : Unified diff
Update core to 7.35