Skip to content

Commit 4b68814

Browse files
alexpottalexpott
committed
Issue #3029336 by andypost: Properly deprecate check_url()
1 parent a974536 commit 4b68814

File tree

2 files changed

+14
-2
lines changed

2 files changed

+14
-2
lines changed

core/includes/common.inc

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -211,7 +211,7 @@ function valid_email_address($mail) {
211211
* Drupal\Core\Template\Attribute, call
212212
* \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() instead.
213213
*
214-
* @deprecated in Drupal 8.0.x-dev, will be removed before Drupal 9.0.0.
214+
* @deprecated in Drupal 8.0.0 and will be removed before Drupal 9.0.0.
215215
* Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol()
216216
* instead. UrlHelper::stripDangerousProtocols() can be used in conjunction
217217
* with \Drupal\Component\Render\FormattableMarkup and an @variable
@@ -225,6 +225,7 @@ function valid_email_address($mail) {
225225
* @see https://www.drupal.org/node/2560027
226226
*/
227227
function check_url($uri) {
228+
@trigger_error(__FUNCTION__ . '() is deprecated in Drupal 8.0.0 and will be removed before Drupal 9.0.0. Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol() instead. See https://www.drupal.org/node/2560027', E_USER_DEPRECATED);
228229
return Html::escape(UrlHelper::stripDangerousProtocols($uri));
229230
}
230231

core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,10 +48,21 @@ public function testBadProtocolStripping() {
4848
$url = 'javascript:http://www.example.com/?x=1&y=2';
4949
$expected_plain = 'http://www.example.com/?x=1&y=2';
5050
$expected_html = 'http://www.example.com/?x=1&y=2';
51-
$this->assertIdentical(check_url($url), $expected_html, 'check_url() filters a URL and encodes it for HTML.');
5251
$this->assertIdentical(UrlHelper::filterBadProtocol($url), $expected_html, '\Drupal\Component\Utility\UrlHelper::filterBadProtocol() filters a URL and encodes it for HTML.');
5352
$this->assertIdentical(UrlHelper::stripDangerousProtocols($url), $expected_plain, '\Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() filters a URL and returns plain text.');
5453

5554
}
5655

56+
/**
57+
* Tests deprecation of the check_url() function.
58+
*
59+
* @group legacy
60+
* @expectedDeprecation check_url() is deprecated in Drupal 8.0.0 and will be removed before Drupal 9.0.0. Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol() instead. See https://www.drupal.org/node/2560027
61+
*/
62+
public function testCheckUrl() {
63+
$url = 'javascript:http://www.example.com/?x=1&y=2';
64+
$expected_html = 'http://www.example.com/?x=1&y=2';
65+
$this->assertSame($expected_html, check_url($url));
66+
}
67+
5768
}

0 commit comments

Comments
 (0)