Router::url should passthru //example.com/file.ext

The function allows ://example.com/file.ext but was treating //example.com as cake-relative URL. The updated regex matches URI schemes as defined in RFC2396. Will passthru any of these formats: * Starts with a valid URI scheme (javascript:, https:, itunes:, ftp:) * Starts with a '#' * [NEW] Starts with a '?' which may be meaningless, but is as valid as starting with '#' (RFC1808) * starts with //, or :// (:// is not technically valid, but included for compatibilty)
2024-11-15 03:18:26 +00:00 · 2013-06-21 15:10:11 -04:00 · 2013-06-21 15:10:11 -04:00 · 2fd36bdedc
commit 2fd36bdedc
parent cfdac5e32d
2 changed files with 8 additions and 1 deletions
--- a/lib/Cake/Routing/Router.php
+++ b/lib/Cake/Routing/Router.php
@ -870,7 +870,7 @@ class Router {
 				$output = self::_handleNoRoute($url);
 			}
 		} else {
-			if (preg_match('/:\/\/|^(javascript|mailto|tel|sms):|^\#/i', $url)) {
+			if (preg_match('/^([a-z][a-z0-9.+\-]+:|:?\/\/|[#?])/i', $url)) {
 				return $url;
 			}
 			if (substr($url, 0, 1) === '/') {
--- a/lib/Cake/Test/Case/Routing/RouterTest.php
+++ b/lib/Cake/Test/Case/Routing/RouterTest.php
@ -2555,6 +2555,9 @@ class RouterTest extends CakeTestCase {
 		$url = '://example.com';
 		$this->assertEquals($url, Router::url($url));

+		$url = '//example.com';
+		$this->assertEquals($url, Router::url($url));
+
 		$url = 'javascript:void(0)';
 		$this->assertEquals($url, Router::url($url));

@ -2566,6 +2569,10 @@ class RouterTest extends CakeTestCase {

 		$url = '#here';
 		$this->assertEquals($url, Router::url($url));
+
+		$url = '?param=0';
+		$this->assertEquals($url, Router::url($url));
+
 		$url = 'posts/index#here';
 		$expected = FULL_BASE_URL . '/posts/index#here';
 		$this->assertEquals($expected, Router::url($url, true));