comparison core/lib/Drupal/Component/Utility/UrlHelper.php @ 17:129ea1e6d783
Update, including to Drupal core 8.6.10
author | Chris Cannam |
---|---|
date | Thu, 28 Feb 2019 13:21:36 +0000 |
parents | 4c8ae668cc8c |
children |
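--- a/core/lib/Drupal/Component/Utility/UrlHelper.php
+++ b/core/lib/Drupal/Component/Utility/UrlHelper.php
@@ -17,11 +17,11 @@
 protected static $allowedProtocols = ['http', 'https'];
 
 /**
 * Parses an array into a valid, rawurlencoded query string.
 *
-* rawurlencode() is RFC3986 compliant, and as a consequence RFC3987
+* Function rawurlencode() is RFC3986 compliant, and as a consequence RFC3987
 * compliant. The latter defines the required format of "URLs" in HTML5.
 * urlencode() is almost the same as rawurlencode(), except that it encodes
 * spaces as "+" instead of "%20". This makes its result non compliant to
 * RFC3986 and as a consequence non compliant to RFC3987 and as a consequence
 * not valid as a "URL" in HTML5.
@@ -246,10 +246,20 @@
 *
 * @throws \InvalidArgumentException
 * Exception thrown when a either $url or $bath_url are not fully qualified.
 */
 public static function externalIsLocal($url, $base_url) {
+// Some browsers treat \ as / so normalize to forward slashes.
+$url = str_replace('\\', '/', $url);
+
+// Leading control characters may be ignored or mishandled by browsers, so
+// assume such a path may lead to an non-local location. The \p{C} character
+// class matches all UTF-8 control, unassigned, and private characters.
+if (preg_match('/^\p{C}/u', $url) !== 0) {
+return FALSE;
+}
+
 $url_parts = parse_url($url);
 $base_parts = parse_url($base_url);
 
 if (empty($base_parts['host']) || empty($url_parts['host'])) {
 throw new \InvalidArgumentException('A path was passed when a fully qualified domain was expected.');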
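Review bot: The added guard `if (preg_match('/^\p{C}/u', $url) !== 0)` also returns FALSE when preg_match() itself fails, because with the `u` modifier a $url that is not valid UTF-8 makes it return FALSE rather than 0 or 1. That fail-closed result is the safe one for a locality check, but nothing in the hunk says it is intended, so a later cleanup to `=== 1` would silently pass malformed input on to parse_url(). I would add a comment above the test such as `// preg_match() returns FALSE on invalid UTF-8; "!== 0" deliberately treats that as non-local.` The same comment block has a typo, "an non-local" for "a non-local". The pattern is anchored to the first character only, and the body of externalIsLocal() continues past the end of the hunk, so whether control characters later in the string are handled elsewhere is not visible here.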