| -rw-r--r-- | engine/lib/output.php | 25 | ||||
| -rw-r--r-- | engine/tests/api/helpers.php | 6 | 
2 files changed, 28 insertions, 3 deletions
| diff --git a/engine/lib/output.php b/engine/lib/output.php index 2c3e1a0ba..37ebbb4aa 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -243,13 +243,32 @@ function elgg_clean_vars(array $vars = array()) {   * @return string The absolute url   */  function elgg_normalize_url($url) { -	// 'http://example.com', 'https://example.com', '//example.com' -	// '#target', '?query=string' -	if (preg_match("#^(\#|\?|(https?:)?//)#i", $url)) { +	// see https://bugs.php.net/bug.php?id=51192 +	// from the bookmarks save action. +	$php_5_2_13_and_below = version_compare(PHP_VERSION, '5.2.14', '<'); +	$php_5_3_0_to_5_3_2 = version_compare(PHP_VERSION, '5.3.0', '>=') && +			version_compare(PHP_VERSION, '5.3.3', '<'); + +	$validated = false; +	if ($php_5_2_13_and_below || $php_5_3_0_to_5_3_2) { +		$tmp_address = str_replace("-", "", $url); +		$validated = filter_var($tmp_address, FILTER_VALIDATE_URL); +	} else { +		$validated = filter_var($url, FILTER_VALIDATE_URL); +	} + +	if ($validated) { +		// all normal URLs including mailto:  		return $url; +	} elseif (preg_match("#^(\#|\?|//)#i", $url)) { +		// '//example.com' (Shortcut for protocol.) +		// '?query=test', #target +		return $url; +	  	} elseif (stripos($url, 'javascript:') === 0) {  		// 'javascript:' +		// Not covered in FILTER_VALIDATE_URL  		return $url;  	} elseif (preg_match("#^[^/]*\.php(\?.*)?$#i", $url)) { diff --git a/engine/tests/api/helpers.php b/engine/tests/api/helpers.php index 439d5aa46..f48f91faf 100644 --- a/engine/tests/api/helpers.php +++ b/engine/tests/api/helpers.php 
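Review bot: An absolute `http://` or `https://` URL that `filter_var()` rejects no longer returns early in `elgg_normalize_url()`, because the fallback pattern in the new second branch drops `(https?:)?`. FILTER_VALIDATE_URL accepts only ASCII URLs, so an address with non-ASCII characters in the host or path now falls through to the later branches, which lie outside this hunk and presumably treat it as a site-relative path. Keeping the old prefix in the fallback, `} elseif (preg_match("#^(\#|\?|(https?:)?//)#i", $url)) {`, preserves the earlier behaviour for those inputs, and a matching entry in `$conversions` in engine/tests/api/helpers.php would pin it. Separately, the `$validated` branch returns a syntactically valid URL of any scheme unchanged and the `javascript:` branch stays, so the function normalizes but does not sanitize; I would say so next to the branch: `// NOTE: no scheme filtering here; callers that emit the result into href/src must restrict schemes themselves`.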
@@ -74,7 +74,13 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest {  		$conversions = array(  			'http://example.com' => 'http://example.com',  			'https://example.com' => 'https://example.com', +			'http://example-time.com' => 'http://example-time.com', +  			'//example.com' => '//example.com', +			'ftp://example.com/file' => 'ftp://example.com/file', +			'mailto:brett@elgg.org' => 'mailto:brett@elgg.org', +			'javascript:alert("test")' => 'javascript:alert("test")', +			'app://endpoint' => 'app://endpoint',  			'example.com' => 'http://example.com',  			'example.com/subpage' => 'http://example.com/subpage', | 
