You are here

public static function UrlHelper::externalIsLocal in Drupal 10

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Component/Utility/UrlHelper.php \Drupal\Component\Utility\UrlHelper::externalIsLocal()
  2. 9 core/lib/Drupal/Component/Utility/UrlHelper.php \Drupal\Component\Utility\UrlHelper::externalIsLocal()

Determines if an external URL points to this installation.

Parameters

string $url: A string containing an external URL, such as "http://example.com/foo".

string $base_url: The base URL string to check against, such as "http://example.com/"

Return value

bool TRUE if the URL has the same domain and base path.

Throws

\InvalidArgumentException Exception thrown when either $url or $base_url are not fully qualified.

4 calls to UrlHelper::externalIsLocal()
FileUrlGenerator::generate in core/lib/Drupal/Core/File/FileUrlGenerator.php
LocalAwareRedirectResponseTrait::isLocal in core/lib/Drupal/Core/Routing/LocalAwareRedirectResponseTrait.php
Determines whether a path is local.
UrlHelperTest::testExternalIsLocal in core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php
Tests detecting external urls that point to local resources.
UrlHelperTest::testExternalIsLocalInvalid in core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php
Tests invalid url arguments.

File

core/lib/Drupal/Component/Utility/UrlHelper.php, line 247

Class

UrlHelper
Helper class URL based methods.

Namespace

Drupal\Component\Utility

Code

public static function externalIsLocal($url, $base_url) {

  // Some browsers treat \ as / so normalize to forward slashes.
  $url = str_replace('\\', '/', $url);

  // Leading control characters may be ignored or mishandled by browsers, so
  // assume such a path may lead to a non-local location. The \p{C} character
  // class matches all UTF-8 control, unassigned, and private characters.
  if (preg_match('/^\\p{C}/u', $url) !== 0) {
    return FALSE;
  }
  $url_parts = parse_url($url);
  $base_parts = parse_url($base_url);
  if (empty($base_parts['host']) || empty($url_parts['host'])) {
    throw new \InvalidArgumentException('A path was passed when a fully qualified domain was expected.');
  }
  if (!isset($url_parts['path']) || !isset($base_parts['path'])) {
    return (!isset($base_parts['path']) || $base_parts['path'] == '/') && $url_parts['host'] == $base_parts['host'];
  }
  else {

    // When comparing base paths, we need a trailing slash to make sure a
    // partial URL match isn't occurring. Since base_path() always returns
    // with a trailing slash, we don't need to add the trailing slash here.
    return $url_parts['host'] == $base_parts['host'] && stripos($url_parts['path'], $base_parts['path']) === 0;
  }
}