Fixes #3747. Using filter_var to check for any valid URI.
authorBrett Profitt <brett.profitt@gmail.com>
Thu, 13 Oct 2011 04:01:17 +0000 (21:01 -0700)
committerBrett Profitt <brett.profitt@gmail.com>
Thu, 13 Oct 2011 04:01:17 +0000 (21:01 -0700)
engine/lib/output.php
engine/tests/api/helpers.php

index 2c3e1a0ba19637311bc82e32c11728dbce1369cf..37ebbb4aa1bc088746a70bf0fc79e7a5f1741700 100644 (file)
@@ -243,13 +243,32 @@ function elgg_clean_vars(array $vars = array()) {
  * @return string The absolute url
  */
 function elgg_normalize_url($url) {
-       // 'http://example.com', 'https://example.com', '//example.com'
-       // '#target', '?query=string'
-       if (preg_match("#^(\#|\?|(https?:)?//)#i", $url)) {
+       // see https://bugs.php.net/bug.php?id=51192
+       // from the bookmarks save action.
+       $php_5_2_13_and_below = version_compare(PHP_VERSION, '5.2.14', '<');
+       $php_5_3_0_to_5_3_2 = version_compare(PHP_VERSION, '5.3.0', '>=') &&
+                       version_compare(PHP_VERSION, '5.3.3', '<');
+
+       $validated = false;
+       if ($php_5_2_13_and_below || $php_5_3_0_to_5_3_2) {
+               $tmp_address = str_replace("-", "", $url);
+               $validated = filter_var($tmp_address, FILTER_VALIDATE_URL);
+       } else {
+               $validated = filter_var($url, FILTER_VALIDATE_URL);
+       }
+
+       if ($validated) {
+               // all normal URLs including mailto:
                return $url;
 
+       } elseif (preg_match("#^(\#|\?|//)#i", $url)) {
+               // '//example.com' (Shortcut for protocol.)
+               // '?query=test', #target
+               return $url;
+       
        } elseif (stripos($url, 'javascript:') === 0) {
                // 'javascript:'
+               // Not covered in FILTER_VALIDATE_URL
                return $url;
 
        } elseif (preg_match("#^[^/]*\.php(\?.*)?$#i", $url)) {
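Review bot: The truthy `filter_var` result at L32 is treated as "a normal URL", but FILTER_VALIDATE_URL accepts any scheme for which parse_url yields a host (the new `app://endpoint` test row appears to rely on exactly that) and the pre-existing branch at L41-L44 returns `javascript:` unchanged, so a caller gets no guarantee that the returned string is safe to place in an href. Since the docblock starts above the hunk, I would add at L33: `// NOTE: this normalizes, it does not sanitize: any scheme with a host (and javascript: below) is returned unchanged; whitelist schemes / escape at the output site.` Also, on the affected PHP versions the workaround validates the hyphen-stripped `$tmp_address` but returns the original `$url`, so an input whose only invalid character is a hyphen would be accepted; that looks like the intended trade-off and could be stated in the comment at L18-L19. elgg_normalize_url continues past the end of the hunk.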
index 439d5aa4683d4e69593ccb5cb210b3547b6b669f..f48f91faf8e613bc4dd2beccdc03adc08c42e133 100644 (file)
@@ -74,7 +74,13 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest {
                $conversions = array(
                        'http://example.com' => 'http://example.com',
                        'https://example.com' => 'https://example.com',
+                       'http://example-time.com' => 'http://example-time.com',
+
                        '//example.com' => '//example.com',
+                       'ftp://example.com/file' => 'ftp://example.com/file',
+                       'mailto:brett@elgg.org' => 'mailto:brett@elgg.org',
+                       'javascript:alert("test")' => 'javascript:alert("test")',
+                       'app://endpoint' => 'app://endpoint',
 
                        'example.com' => 'http://example.com',
                        'example.com/subpage' => 'http://example.com/subpage',
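Review bot: The new rows at L52-L58 only cover inputs that are passed through unchanged, and `'javascript:alert("test")'` at L57 pins script-URL pass-through as part of the contract without saying why; a comment above it such as `// Passed through unchanged by design: scheme filtering is the caller's job.` would stop a later reader from taking it as an endorsement. There is also no row for a scheme FILTER_VALIDATE_URL rejects for lacking a host (e.g. `'data:text/html,x'`), so which branch such inputs fall into is not pinned; the expected value would have to come from the branches after the hunk in output.php, which I cannot see here. The `$conversions` array continues past the end of the hunk.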