diff options
| author | Dries Buytaert <dries@buytaert.net> | 2009-01-08 19:09:49 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2009-01-08 19:09:49 +0000 |
| commit | 18ad0f6933122d08ce394cb756f35b8d9c9e9900 (patch) | |
| tree | bec61e21a76c10558691e794857ed0020f9fa128 /includes | |
| parent | 00b9dd417058d773be11088318ac467839166e78 (diff) | |
| download | brdo-18ad0f6933122d08ce394cb756f35b8d9c9e9900.tar.gz brdo-18ad0f6933122d08ce394cb756f35b8d9c9e9900.tar.bz2 | |
- Patch #124492 by mfer, c960657 et al: valid_url() does not support all valid URL characters.
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/common.inc | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/includes/common.inc b/includes/common.inc index 68b26b1e2..4b59171ef 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1173,7 +1173,7 @@ function valid_email_address($mail) { * * This function should only be used on actual URLs. It should not be used for * Drupal menu paths, which can contain arbitrary characters. - * + * Valid values per RFC 3986. * @param $url * The URL to verify. * @param $absolute @@ -1182,12 +1182,21 @@ function valid_email_address($mail) { * TRUE if the URL is in a valid format. */ function valid_url($url, $absolute = FALSE) { - $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,;~=#&%\+]'; if ($absolute) { - return (bool)preg_match("/^(http|https|ftp):\/\/" . $allowed_characters . "+$/i", $url); + return (bool)preg_match(" + /^ # Start at the beginning of the text + (?:ftp|https?):\/\/ # Look for ftp, http, or https + (?: # Userinfo (optional) + (?:[\w\.\-\+%!$&'\(\)*\+,;=]+:)* + [\w\.\-\+%!$&'\(\)*\+,;=]+@ + )? + (?:[a-z0-9\-\.%]+) # The domain + (?::[0-9]+)? # Server port number (optional) + (?:[\/|\?][\w#!:\.\?\+=&%@!$'~*,;\/\(\)\[\]\-]*)? # The path (optional) + $/xi", $url); } else { - return (bool)preg_match("/^" . $allowed_characters . "+$/i", $url); + return (bool)preg_match("/^[\w#!:\.\?\+=&%@!$'~*,;\/\(\)\[\]\-]+$/i", $url); } } |