Commit 2389c72b authored by Aaron Wells's avatar Aaron Wells
Browse files

sanitize_url() should return false, when given a null URL (Bug 1497411)

It turns out that if you pass NULL to parse_url(), it returns:
array('path'=>''). Since we were checking isset($parsedurl['path']), this
returns true, even though the url was bad.

behatnotneeded: Already covered by existing tests

Change-Id: I5f4a6074981e6853988225858c22d9dcb0c43feb
parent d1bfcdad
......@@ -4324,8 +4324,8 @@ function language_select_form() {
function sanitize_url($url) {
$parsedurl = parse_url($url);
if (!isset($parsedurl['scheme'])) {
if (isset($parsedurl['path'])) {
if (empty($parsedurl['scheme'])) {
if (!empty($parsedurl['path'])) {
$url = get_config('wwwroot') . ltrim($url, '/');
$parsedurl = parse_url($url);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment