From 3e8a9d1905c3110a4e7ac18044f477c60b02e098 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Tue, 9 Jan 2007 08:30:31 +0000
Subject: - Cleanup form attributes.

---
 includes/common.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'includes/common.inc')

diff --git a/includes/common.inc b/includes/common.inc
index 31474eb5c..b55384e2a 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1142,8 +1142,9 @@ function url($path = NULL, $query = NULL, $fragment = NULL, $absolute = FALSE) {
   }
 
   // Return an external link if $path contains an allowed absolute URL.
-  // Only call the slow filter_xss_bad_protocol if $path contains a ':'.
-  if (strpos($path, ':') !== FALSE && filter_xss_bad_protocol($path, FALSE) == check_plain($path)) {
+  // Only call the slow filter_xss_bad_protocol if $path contains a ':' before any / ? or #.
+  $colonpos = strpos($path, ':');
+  if ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && filter_xss_bad_protocol($path, FALSE) == check_plain($path)) {
     // Split off the fragment
     if (strpos($path, '#') !== FALSE) {
       list($path, $old_fragment) = explode('#', $path, 2);
-- 
cgit v1.2.3
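Review bot: The new guard on the added `if` line negates the result of `preg_match`, so a PCRE failure (which returns FALSE rather than 0) would read as "no delimiter before the colon" and let the path fall through into the external-URL branch; the same test can be written without a regex or a substring copy as `if ($colonpos !== FALSE && strcspn($path, '/?#') > $colonpos && filter_xss_bad_protocol($path, FALSE) == check_plain($path)) {`, which cannot fail and reads as "the first / ? or # comes after the colon". The added comment says what the check does but not why it matters; I would extend it with `// A ':' after one of those characters belongs to the query or fragment of an internal path (e.g. node?t=12:30), not to a URL scheme, so such paths must stay internal.` Note that nothing here validates the characters before the colon as a scheme; rejection of odd input is left to the `filter_xss_bad_protocol` / `check_plain` comparison, which appears adequate from this hunk but is worth confirming against that function. The commit subject "Cleanup form attributes" does not describe this change. `url()` both starts and ends outside the hunk.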