Révision bceb9b7a
Ajouté par Florent Torregrosa il y a environ 9 ans
| drupal7/includes/common.inc | ||
|---|---|---|
| 2214 | 2214 |
'prefix' => '' |
| 2215 | 2215 |
); |
| 2216 | 2216 |
|
| 2217 |
// A duplicate of the code from url_is_external() to avoid needing another |
|
| 2218 |
// function call, since performance inside url() is critical. |
|
| 2217 | 2219 |
if (!isset($options['external'])) {
|
| 2218 |
// Return an external link if $path contains an allowed absolute URL. Only |
|
| 2219 |
// call the slow drupal_strip_dangerous_protocols() if $path contains a ':' |
|
| 2220 |
// before any / ? or #. Note: we could use url_is_external($path) here, but |
|
| 2221 |
// that would require another function call, and performance inside url() is |
|
| 2222 |
// critical. |
|
| 2220 |
// Return an external link if $path contains an allowed absolute URL. Avoid |
|
| 2221 |
// calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
| 2222 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - |
|
| 2223 |
// as this would clearly mean it is not a URL. If the path starts with 2 |
|
| 2224 |
// slashes then it is always considered an external URL without an explicit |
|
| 2225 |
// protocol part. |
|
| 2223 | 2226 |
$colonpos = strpos($path, ':'); |
| 2224 |
$options['external'] = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path);
|
|
| 2227 |
$options['external'] = (strpos($path, '//') === 0) |
|
| 2228 |
|| ($colonpos !== FALSE |
|
| 2229 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos))
|
|
| 2230 |
&& drupal_strip_dangerous_protocols($path) == $path); |
|
| 2225 | 2231 |
} |
| 2226 | 2232 |
|
| 2227 | 2233 |
// Preserve the original path before altering or aliasing. |
| ... | ... | |
| 2259 | 2265 |
return $path . $options['fragment']; |
| 2260 | 2266 |
} |
| 2261 | 2267 |
|
| 2268 |
// Strip leading slashes from internal paths to prevent them becoming external |
|
| 2269 |
// URLs without protocol. /example.com should not be turned into |
|
| 2270 |
// //example.com. |
|
| 2271 |
$path = ltrim($path, '/'); |
|
| 2272 |
|
|
| 2262 | 2273 |
global $base_url, $base_secure_url, $base_insecure_url; |
| 2263 | 2274 |
|
| 2264 | 2275 |
// The base_url might be rewritten from the language rewrite in domain mode. |
| ... | ... | |
| 2336 | 2347 |
*/ |
| 2337 | 2348 |
function url_is_external($path) {
|
| 2338 | 2349 |
$colonpos = strpos($path, ':'); |
| 2339 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any |
|
| 2340 |
// slash (/), hash (#) or question_mark (?) before the colon (:) |
|
| 2341 |
// occurrence - if any - as this would clearly mean it is not a URL. |
|
| 2342 |
return $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path;
|
|
| 2350 |
// Avoid calling drupal_strip_dangerous_protocols() if there is any slash (/), |
|
| 2351 |
// hash (#) or question_mark (?) before the colon (:) occurrence - if any - as |
|
| 2352 |
// this would clearly mean it is not a URL. If the path starts with 2 slashes |
|
| 2353 |
// then it is always considered an external URL without an explicit protocol |
|
| 2354 |
// part. |
|
| 2355 |
return (strpos($path, '//') === 0) |
|
| 2356 |
|| ($colonpos !== FALSE |
|
| 2357 |
&& !preg_match('![/?#]!', substr($path, 0, $colonpos))
|
|
| 2358 |
&& drupal_strip_dangerous_protocols($path) == $path); |
|
| 2343 | 2359 |
} |
| 2344 | 2360 |
|
| 2345 | 2361 |
/** |
| ... | ... | |
| 2636 | 2652 |
|
| 2637 | 2653 |
// Keep old path for reference, and to allow forms to redirect to it. |
| 2638 | 2654 |
if (!isset($_GET['destination'])) {
|
| 2639 |
$_GET['destination'] = $_GET['q']; |
|
| 2655 |
// Make sure that the current path is not interpreted as external URL. |
|
| 2656 |
if (!url_is_external($_GET['q'])) {
|
|
| 2657 |
$_GET['destination'] = $_GET['q']; |
|
| 2658 |
} |
|
| 2640 | 2659 |
} |
| 2641 | 2660 |
|
| 2642 | 2661 |
$path = drupal_get_normal_path(variable_get('site_404', ''));
|
| ... | ... | |
| 2665 | 2684 |
|
| 2666 | 2685 |
// Keep old path for reference, and to allow forms to redirect to it. |
| 2667 | 2686 |
if (!isset($_GET['destination'])) {
|
| 2668 |
$_GET['destination'] = $_GET['q']; |
|
| 2687 |
// Make sure that the current path is not interpreted as external URL. |
|
| 2688 |
if (!url_is_external($_GET['q'])) {
|
|
| 2689 |
$_GET['destination'] = $_GET['q']; |
|
| 2690 |
} |
|
| 2669 | 2691 |
} |
| 2670 | 2692 |
|
| 2671 | 2693 |
$path = drupal_get_normal_path(variable_get('site_403', ''));
|
Formats disponibles : Unified diff
Update core to 7.35