Issue #2990723 by poker10, tatarbj, DamienMcKenna: Security improvement for l() function

merge-requests/3045/head
mcdruid 2022-09-06 22:23:15 +01:00
parent b807051feb
commit 9b89fa9c19
2 changed files with 7 additions and 0 deletions


@ -2570,6 +2570,7 @@ function l($text, $path, array $options = array()) {
$use_theme = FALSE;
}
}
$path = drupal_strip_dangerous_protocols((string) $path);
if ($use_theme) {
return theme('link', array('text' => $text, 'path' => $path, 'options' => $options));
}
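Review bot: The new `drupal_strip_dangerous_protocols((string) $path)` call carries no comment saying why it belongs here, so a later reader who sees the non-theme branch wrapping the href in check_plain() (outside this hunk, if I recall the body of l() correctly) may drop it as redundant. check_plain() only HTML-escapes; it does not neutralise the URL scheme, and for a path passed with `'external' => TRUE` url() emits the value essentially as given, so this strip is the only thing keeping a `javascript:`-style scheme out of the href. Suggest a one-line comment above it: `// Strip dangerous protocols (e.g. javascript:) here: check_plain() escapes HTML but leaves the URL scheme intact, and external paths are emitted by url() as-is.` The `(string)` cast also turns a NULL $path into '', which presumably matches what url() already did with it, but that is worth confirming rather than assuming. The enclosing function l() starts before the hunk and continues after it.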


@ -91,6 +91,12 @@ class CommonURLUnitTest extends DrupalWebTestCase {
$link = l($text, $path);
$sanitized_path = check_url(url($path));
$this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered', array('@path' => $path)));
// Verify that a dangerous protocol is sanitized.
$text = $this->randomName();
$path = "javascript:alert('XSS')";
$link = l($text, $path, array('external' => TRUE));
$this->assertTrue(strpos($link, 'javascript:') === FALSE, 'Dangerous protocol javascript: was sanitized.');
}
/*
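Review bot: The added assertion on `$link` is purely negative — `strpos($link, 'javascript:') === FALSE` would also pass if l() returned an empty string or dropped the href attribute altogether, so it does not actually prove the link was rendered with the scheme stripped. A companion positive check that the anchor is still emitted, e.g. `$this->assertTrue(strpos($link, 'href="') !== FALSE, 'Link with dangerous protocol is still rendered.');`, would pin the intended behaviour. Since drupal_strip_dangerous_protocols() is expected to normalise case and whitespace before matching, a second dataset using a mixed-case scheme would also exercise that path; this is a suggestion rather than a defect in the hunk. The test method continues outside the hunk on the old side.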