From d21fd1f0bbd6c654dfa2a3e9286524b51d548964 Mon Sep 17 00:00:00 2001 From: Jeremy Shipman Date: Mon, 20 May 2013 11:59:04 +1200 Subject: [PATCH 1/2] FIX: Don't rewrite urls to be absolute, if they are a URI with a protocol. This is determined in this fix by the existence of a colon ':', to show the uri has a protocol. --- control/HTTP.php | 6 +++++- tests/control/HTTPTest.php | 35 ++++++++++++++++++++++++++++++----- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/control/HTTP.php b/control/HTTP.php index f6d578b1a..384a78774 100644 --- a/control/HTTP.php +++ b/control/HTTP.php @@ -62,7 +62,11 @@ class HTTP { public static function absoluteURLs($html) { $html = str_replace('$CurrentPageURL', $_SERVER['REQUEST_URI'], $html); return HTTP::urlRewriter($html, function($url) { - if(stripos($url, 'mailto:') === 0) return $url; + //no need to rewrite, if uri has a protocol + //(determined here by existence of reserved URI character ":") + if(stripos($url, ":") !== false){ + return $url; + } return Director::absoluteURL($url, true); }); } diff --git a/tests/control/HTTPTest.php b/tests/control/HTTPTest.php index 1503a5592..10b29940a 100644 --- a/tests/control/HTTPTest.php +++ b/tests/control/HTTPTest.php @@ -173,6 +173,14 @@ class HTTPTest extends SapphireTest { HTTP::absoluteURLs('
SS Blog
') ); + //check dot segments + // Assumption: dots are not removed + //if they were, the url should be: http://www.silverstripe.org/abc + $test->assertEquals( + 'Test', + HTTP::absoluteURLs('Test') + ); + // image $test->assertEquals( '', @@ -187,16 +195,33 @@ class HTTPTest extends SapphireTest { }); } - public function testEmailLinks() { + /** + * Make sure URI schemes are not rewritten + */ + public function testURISchemes() { $this->withBaseURL('http://www.silverstripe.org/', function($test){ - - // links + + // mailto $test->assertEquals( 'Email Us', - HTTP::absoluteURLs('Email Us') + HTTP::absoluteURLs('Email Us'), + 'Email links are not rewritten' ); + + // data uri + $test->assertEquals( + 'Red dot', + HTTP::absoluteURLs('Red dot'), + 'Data URI links are not rewritten' + ); + + // call + $test->assertEquals( + '', + HTTP::absoluteURLs(''), + 'Call to links are not rewritten' + ); }); - } /** From b1ba8bd05b5b61e9f9ec4e1316facba570b841db Mon Sep 17 00:00:00 2001 From: Jeremy Shipman Date: Mon, 20 May 2013 12:46:44 +1200 Subject: [PATCH 2/2] FIX: Updated protocol check to become more stringent. --- control/HTTP.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/control/HTTP.php b/control/HTTP.php index 384a78774..03f7cdbcb 100644 --- a/control/HTTP.php +++ b/control/HTTP.php @@ -62,9 +62,8 @@ class HTTP { public static function absoluteURLs($html) { $html = str_replace('$CurrentPageURL', $_SERVER['REQUEST_URI'], $html); return HTTP::urlRewriter($html, function($url) { - //no need to rewrite, if uri has a protocol - //(determined here by existence of reserved URI character ":") - if(stripos($url, ":") !== false){ + //no need to rewrite, if uri has a protocol (determined here by existence of reserved URI character ":") + if(preg_match('/^\w+:/', $url)){ return $url; } return Director::absoluteURL($url, true);