diff options
Diffstat (limited to 'core/lib/Drupal/Component/Utility/UrlHelper.php')
| -rw-r--r-- | core/lib/Drupal/Component/Utility/UrlHelper.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/core/lib/Drupal/Component/Utility/UrlHelper.php b/core/lib/Drupal/Component/Utility/UrlHelper.php index 3293d5c..1564f82 100644 --- a/core/lib/Drupal/Component/Utility/UrlHelper.php +++ b/core/lib/Drupal/Component/Utility/UrlHelper.php @@ -214,10 +214,15 @@ class UrlHelper { */ public static function isExternal($path) { $colonpos = strpos($path, ':'); - // Avoid calling stripDangerousProtocols() if there is any - // slash (/), hash (#) or question_mark (?) before the colon (:) - // occurrence - if any - as this would clearly mean it is not a URL. - return $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && static::stripDangerousProtocols($path) == $path; + // Avoid calling drupal_strip_dangerous_protocols() if there is any slash + // (/), hash (#) or question_mark (?) before the colon (:) occurrence - if + // any - as this would clearly mean it is not a URL. If the path starts with + // 2 slashes then it is always considered an external URL without an + // explicit protocol part. + return (strpos($path, '//') === 0) + || ($colonpos !== FALSE + && !preg_match('![/?#]!', substr($path, 0, $colonpos)) + && static::stripDangerousProtocols($path) == $path); } /** |