diff options
Diffstat (limited to 'application/Url.php')
-rw-r--r-- | application/Url.php | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/application/Url.php b/application/Url.php index c5c7dd18..b3759377 100644 --- a/application/Url.php +++ b/application/Url.php | |||
@@ -64,6 +64,30 @@ function add_trailing_slash($url) | |||
64 | } | 64 | } |
65 | 65 | ||
66 | /** | 66 | /** |
67 | * Replace not whitelisted protocols by 'http://' from given URL. | ||
68 | * | ||
69 | * @param string $url URL to clean | ||
70 | * @param array $protocols List of allowed protocols (aside from http(s)). | ||
71 | * | ||
72 | * @return string URL with allowed protocol | ||
73 | */ | ||
74 | function whitelist_protocols($url, $protocols) | ||
75 | { | ||
76 | if (startsWith($url, '?') || startsWith($url, '/')) { | ||
77 | return $url; | ||
78 | } | ||
79 | $protocols = array_merge(['http', 'https'], $protocols); | ||
80 | $protocol = preg_match('#^(\w+):/?/?#', $url, $match); | ||
81 | // Protocol not allowed: we remove it and replace it with http | ||
82 | if ($protocol === 1 && ! in_array($match[1], $protocols)) { | ||
83 | $url = str_replace($match[0], 'http://', $url); | ||
84 | } else if ($protocol !== 1) { | ||
85 | $url = 'http://' . $url; | ||
86 | } | ||
87 | return $url; | ||
88 | } | ||
89 | |||
90 | /** | ||
67 | * URL representation and cleanup utilities | 91 | * URL representation and cleanup utilities |
68 | * | 92 | * |
69 | * Form | 93 | * Form |
@@ -94,7 +118,10 @@ class Url | |||
94 | 'utm_', | 118 | 'utm_', |
95 | 119 | ||
96 | // ATInternet | 120 | // ATInternet |
97 | 'xtor=' | 121 | 'xtor=', |
122 | |||
123 | // Other | ||
124 | 'campaign_' | ||
98 | ); | 125 | ); |
99 | 126 | ||
100 | private static $annoyingFragments = array( | 127 | private static $annoyingFragments = array( |