summaryrefslogtreecommitdiffstats
path: root/core/lib/Drupal/Component/Utility/UrlHelper.php
diff options
context:
space:
mode:
Diffstat (limited to 'core/lib/Drupal/Component/Utility/UrlHelper.php')
-rw-r--r--core/lib/Drupal/Component/Utility/UrlHelper.php13
1 files changed, 9 insertions, 4 deletions
diff --git a/core/lib/Drupal/Component/Utility/UrlHelper.php b/core/lib/Drupal/Component/Utility/UrlHelper.php
index 3293d5c..1564f82 100644
--- a/core/lib/Drupal/Component/Utility/UrlHelper.php
+++ b/core/lib/Drupal/Component/Utility/UrlHelper.php
@@ -214,10 +214,15 @@ class UrlHelper {
*/
public static function isExternal($path) {
$colonpos = strpos($path, ':');
- // Avoid calling stripDangerousProtocols() if there is any
- // slash (/), hash (#) or question_mark (?) before the colon (:)
- // occurrence - if any - as this would clearly mean it is not a URL.
- return $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && static::stripDangerousProtocols($path) == $path;
+ // Avoid calling drupal_strip_dangerous_protocols() if there is any slash
+ // (/), hash (#) or question_mark (?) before the colon (:) occurrence - if
+ // any - as this would clearly mean it is not a URL. If the path starts with
+ // 2 slashes then it is always considered an external URL without an
+ // explicit protocol part.
+ return (strpos($path, '//') === 0)
+ || ($colonpos !== FALSE
+ && !preg_match('![/?#]!', substr($path, 0, $colonpos))
+ && static::stripDangerousProtocols($path) == $path);
}
/**