From 9a598b7c15a9702950d45c369831853edd4d057b Mon Sep 17 00:00:00 2001
From: webchick <webchick@24967.no-reply.drupal.org>
Date: Tue, 8 Oct 2013 21:42:16 -0700
Subject: [PATCH] Issue #2089327 by thedavidmeister, Cyberschorsch: Remove /
 deprecate calls to drupal_strip_dangerous_protocols() use
 \Drupal\Component\Utility\Url::stripDangerousProtocols().

---
 core/includes/common.inc                                  | 4 ++--
 core/includes/form.inc                                    | 3 ++-
 core/includes/theme.inc                                   | 5 +++--
 core/lib/Drupal/Core/Routing/UrlGenerator.php             | 8 ++++----
 .../system/lib/Drupal/system/Tests/Common/XssUnitTest.php | 7 ++++---
 core/modules/system/system.install                        | 4 ++--
 6 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/core/includes/common.inc b/core/includes/common.inc
index c32b72871dfc..77ea718532a0 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -729,8 +729,8 @@ function drupal_strip_dangerous_protocols($uri) {
  *   value within a $attributes array passed to Drupal\Core\Template\Attribute,
  *   because Drupal\Core\Template\Attribute expects those values to be
  *   plain-text strings. To pass a filtered URI to
- *   Drupal\Core\Template\Attribute, call drupal_strip_dangerous_protocols()
- *   instead.
+ *   Drupal\Core\Template\Attribute, call
+ *   \Drupal\Component\Utility\Url::stripDangerousProtocols() instead.
  *
  * @see \Drupal\Component\Utility\Url::stripDangerousProtocols()
  * @see \Drupal\Component\Utility\String::checkPlain()
diff --git a/core/includes/form.inc b/core/includes/form.inc
index 29b6c2dcc954..06ee164bd45e 100644
--- a/core/includes/form.inc
+++ b/core/includes/form.inc
@@ -8,6 +8,7 @@
 use Drupal\Component\Utility\Crypt;
 use Drupal\Component\Utility\NestedArray;
 use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Url;
 use Drupal\Core\Form\FormInterface;
 use Drupal\Core\Form\BaseFormIdInterface;
 use Drupal\Core\Database\Database;
@@ -4534,7 +4535,7 @@ function form_pre_render_color($element) {
 function theme_form($variables) {
   $element = $variables['element'];
   if (isset($element['#action'])) {
-    $element['#attributes']['action'] = drupal_strip_dangerous_protocols($element['#action']);
+    $element['#attributes']['action'] = Url::stripDangerousProtocols($element['#action']);
   }
   element_set_attributes($element, array('method', 'id'));
   if (empty($element['#attributes']['accept-charset'])) {
diff --git a/core/includes/theme.inc b/core/includes/theme.inc
index e6403cfd7baf..e49bb76de70b 100644
--- a/core/includes/theme.inc
+++ b/core/includes/theme.inc
@@ -9,6 +9,7 @@
  */
 
 use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Url;
 use Drupal\Core\Cache\CacheBackendInterface;
 use Drupal\Core\Config\Config;
 use Drupal\Core\Language\Language;
@@ -2554,7 +2555,7 @@ function template_preprocess_html(&$variables) {
   if (theme_get_setting('features.favicon')) {
     $favicon = theme_get_setting('favicon.url');
     $type = theme_get_setting('favicon.mimetype');
-    drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => drupal_strip_dangerous_protocols($favicon), 'type' => $type));
+    drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => Url::stripDangerousProtocols($favicon), 'type' => $type));
   }
 
   $site_config = \Drupal::config('system.site');
@@ -2837,7 +2838,7 @@ function template_preprocess_maintenance_page(&$variables) {
   if (theme_get_setting('features.favicon')) {
     $favicon = theme_get_setting('favicon.url');
     $type = theme_get_setting('favicon.mimetype');
-    drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => drupal_strip_dangerous_protocols($favicon), 'type' => $type));
+    drupal_add_html_head_link(array('rel' => 'shortcut icon', 'href' => Url::stripDangerousProtocols($favicon), 'type' => $type));
   }
 
   // Get all region content set with drupal_add_region_content().
diff --git a/core/lib/Drupal/Core/Routing/UrlGenerator.php b/core/lib/Drupal/Core/Routing/UrlGenerator.php
index 540a580b68a4..bf6956fd0877 100644
--- a/core/lib/Drupal/Core/Routing/UrlGenerator.php
+++ b/core/lib/Drupal/Core/Routing/UrlGenerator.php
@@ -224,10 +224,10 @@ public function generateFromPath($path = NULL, $options = array()) {
 
     if (!isset($options['external'])) {
       // Return an external link if $path contains an allowed absolute URL. Only
-      // call the slow drupal_strip_dangerous_protocols() if $path contains a ':'
-      // before any / ? or #. Note: we could use url_is_external($path) here, but
-      // that would require another function call, and performance inside url() is
-      // critical.
+      // call the slow \Drupal\Component\Utility\Url::stripDangerousProtocols()
+      // if $path contains a ':' before any / ? or #. Note: we could use
+      // url_is_external($path) here, but that would require another function
+      // call, and performance inside url() is critical.
       $colonpos = strpos($path, ':');
       $options['external'] = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && Url::stripDangerousProtocols($path) == $path);
     }
diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
index 433d14561096..66213586be7c 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
@@ -7,6 +7,7 @@
 
 namespace Drupal\system\Tests\Common;
 
+use Drupal\Component\Utility\Url;
 use Drupal\simpletest\DrupalUnitTestBase;
 
 /**
@@ -53,12 +54,12 @@ function testT() {
    */
   function testBadProtocolStripping() {
     // Ensure that check_url() strips out harmful protocols, and encodes for
-    // HTML. Ensure drupal_strip_dangerous_protocols() can be used to return a
-    // plain-text string stripped of harmful protocols.
+    // HTML. Ensure \Drupal\Component\Utility\Url::stripDangerousProtocols() can
+    // be used to return a plain-text string stripped of harmful protocols.
     $url = 'javascript:http://www.example.com/?x=1&y=2';
     $expected_plain = 'http://www.example.com/?x=1&y=2';
     $expected_html = 'http://www.example.com/?x=1&amp;y=2';
     $this->assertIdentical(check_url($url), $expected_html, 'check_url() filters a URL and encodes it for HTML.');
-    $this->assertIdentical(drupal_strip_dangerous_protocols($url), $expected_plain, 'drupal_strip_dangerous_protocols() filters a URL and returns plain text.');
+    $this->assertIdentical(Url::stripDangerousProtocols($url), $expected_plain, '\Drupal\Component\Utility\Url::stripDangerousProtocols() filters a URL and returns plain text.');
   }
 }
diff --git a/core/modules/system/system.install b/core/modules/system/system.install
index 1ccd669b81c7..315f43a75e51 100644
--- a/core/modules/system/system.install
+++ b/core/modules/system/system.install
@@ -1785,8 +1785,8 @@ function system_update_8034() {
  * Move filter_allowed_protocols variable to config.
  *
  * This config is provided now by the system module because it is used by
- * drupal_strip_dangerous_protocols() and must to be available before the filter
- * module be installed.
+ * \Drupal\Component\Utility\Url::stripDangerousProtocols() and must to be
+ * available before the filter module be installed.
  *
  * @ingroup config_upgrade
  */
-- 
GitLab