You are here

Home » API reference » Secure Pages 7 » securepages.module

function securepages_can_alter_url in Secure Pages 7

Same name and namespace in other branches
  1. 5 securepages.module \securepages_can_alter_url()
  2. 6.2 securepages.module \securepages_can_alter_url()
  3. 6 securepages.module \securepages_can_alter_url()

Checks the URL to make sure it is a URL that can be altered.

Parameters

$url: URL to check.

1 call to securepages_can_alter_url()
securepages_form_alter in ./securepages.module
Implements hook_form_alter().

File

./securepages.module, line 330
Allows certain pages to be viewable only via HTTPS.

Code

function securepages_can_alter_url($url) {
  global $base_path, $base_url;
  $url = @parse_url($url);

  // If there is no scheme then it is a relative url and can be altered
  if (!isset($url['scheme']) && $base_path == '/') {
    return TRUE;
  }

  // If the host names are not the same then don't allow altering of the path.
  if (isset($url['host']) && strtolower($url['host']) != strtolower($_SERVER['HTTP_HOST'])) {
    return FALSE;
  }
  if (strlen($base_path) > 1 && substr($base_url, -1) != substr($url['path'], 1, strlen($base_path))) {
    return FALSE;
  }
  return TRUE;
}