### Eclipse Workspace Patch 1.0 #P drupal-5 Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.611.2.21 diff -u -r1.611.2.21 common.inc --- includes/common.inc 25 Dec 2008 20:37:07 -0000 1.611.2.21 +++ includes/common.inc 15 Jan 2009 02:31:29 -0000 @@ -888,7 +888,7 @@ * * This function should only be used on actual URLs. It should not be used for * Drupal menu paths, which can contain arbitrary characters. - * + * Valid values per RFC 3986. * @param $url * The URL to verify. * @param $absolute @@ -897,12 +897,26 @@ * TRUE if the URL is in a valid format. */ function valid_url($url, $absolute = FALSE) { - $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,;~=#&%\+]'; if ($absolute) { - return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url); + return (bool)preg_match(" + /^ # Start at the beginning of the text + (?:ftp|https?):\/\/ # Look for ftp, http, or https schemes + (?: # Userinfo (optional) which is typically + (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)* # a username or a username and password + (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@ # combination + )? + (?: + (?:[a-z0-9\-\.]|%[0-9a-f]{2})+ # A domain name or a IPv4 address + |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\]) # or a well formed IPv6 address + ) + (?::[0-9]+)? # Server port number (optional) + (?:[\/|\?] + (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2}) # The path and query (optional) + *)? + $/xi", $url); } else { - return preg_match("/^". $allowed_characters ."+$/i", $url); + return (bool)preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url); } }