X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Flib%2FDrupal%2FCore%2FRouting%2FUrlGenerator.php;h=853a5f7b4e1babda77e423a4777e49b433b12f2d;hb=refs%2Fheads%2Fd864;hp=63dcd47b6ccdcd9975eb638d73d368f729eab8da;hpb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;p=yaffs-website diff --git a/web/core/lib/Drupal/Core/Routing/UrlGenerator.php b/web/core/lib/Drupal/Core/Routing/UrlGenerator.php index 63dcd47b6..853a5f7b4 100644 --- a/web/core/lib/Drupal/Core/Routing/UrlGenerator.php +++ b/web/core/lib/Drupal/Core/Routing/UrlGenerator.php @@ -65,8 +65,10 @@ class UrlGenerator implements UrlGeneratorInterface { // the slash can be used to designate a hierarchical structure and we want allow using it with this meaning // some webservers don't allow the slash in encoded form in the path for security reasons anyway // see http://stackoverflow.com/questions/4069002/http-400-if-2f-part-of-get-url-in-jboss - '%2F', // Map from these encoded characters. - '/', // Map to these decoded characters. + // Map from these encoded characters. + '%2F', + // Map to these decoded characters. + '/', ]; /** @@ -146,7 +148,7 @@ class UrlGenerator implements UrlGeneratorInterface { * examined for changes in new Symfony releases. * * @param array $variables - * The variables form the compiled route, corresponding to slugs in the + * The variables from the compiled route, corresponding to slugs in the * route path. * @param array $defaults * The defaults from the route. @@ -295,6 +297,11 @@ class UrlGenerator implements UrlGeneratorInterface { if ($options['path_processing']) { $path = $this->processPath($path, $options, $generated_url); } + // Ensure the resulting path has at most one leading slash, to prevent it + // becoming an external URL without a protocol like //example.com. + if (strpos($path, '//') === 0) { + $path = '/' . ltrim($path, '/'); + } // The contexts base URL is already encoded // (see Symfony\Component\HttpFoundation\Request). $path = str_replace($this->decodedChars[0], $this->decodedChars[1], rawurlencode($path));