function UrlHelper::externalIsLocal

Same name in other branches
  1. 9 core/lib/Drupal/Component/Utility/UrlHelper.php \Drupal\Component\Utility\UrlHelper::externalIsLocal()
  2. 8.9.x core/lib/Drupal/Component/Utility/UrlHelper.php \Drupal\Component\Utility\UrlHelper::externalIsLocal()
  3. 10 core/lib/Drupal/Component/Utility/UrlHelper.php \Drupal\Component\Utility\UrlHelper::externalIsLocal()

Determines if an external URL points to this installation.

Parameters

string $url: A string containing an external URL, such as "http://example.com/foo".

string $base_url: The base URL string to check against, such as "http://example.com/"

Return value

bool TRUE if the URL has the same domain and base path.

Throws

\InvalidArgumentException Exception thrown when either $url or $base_url are not fully qualified.

5 calls to UrlHelper::externalIsLocal()
FileUrlGenerator::generate in core/lib/Drupal/Core/File/FileUrlGenerator.php
Creates a root-relative web-accessible URL object.
LocalAwareRedirectResponseTrait::isLocal in core/lib/Drupal/Core/Routing/LocalAwareRedirectResponseTrait.php
Determines whether a path is local.
OpenModalDialogWithUrl::render in core/lib/Drupal/Core/Ajax/OpenModalDialogWithUrl.php
Return an array to be run through json_encode and sent to the client.
UrlHelperTest::testExternalIsLocal in core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php
Tests detecting external URLs that point to local resources.
UrlHelperTest::testExternalIsLocalInvalid in core/tests/Drupal/Tests/Component/Utility/UrlHelperTest.php
Tests invalid URL arguments.

File

core/lib/Drupal/Component/Utility/UrlHelper.php, line 297

Class

UrlHelper
Helper class URL based methods.

Namespace

Drupal\Component\Utility

Code

public static function externalIsLocal($url, $base_url) {
    // Some browsers treat \ as / so normalize to forward slashes.
    $url = str_replace('\\', '/', $url);
    // Leading control characters may be ignored or mishandled by browsers, so
    // assume such a path may lead to a non-local location. The \p{C} character
    // class matches all UTF-8 control, unassigned, and private characters.
    if (preg_match('/^\\p{C}/u', $url) !== 0) {
        return FALSE;
    }
    $url_parts = parse_url($url);
    $base_parts = parse_url($base_url);
    if (empty($base_parts['host']) || empty($url_parts['host'])) {
        throw new \InvalidArgumentException('A path was passed when a fully qualified domain was expected.');
    }
    if (!isset($url_parts['path']) || !isset($base_parts['path'])) {
        return (!isset($base_parts['path']) || $base_parts['path'] == '/') && $url_parts['host'] == $base_parts['host'];
    }
    else {
        // When comparing base paths, we need a trailing slash to make sure a
        // partial URL match isn't occurring. Since base_path() always returns
        // with a trailing slash, we don't need to add the trailing slash here.
        return $url_parts['host'] == $base_parts['host'] && stripos($url_parts['path'], $base_parts['path']) === 0;
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.