‪TYPO3CMS  10.4
UrlLinkHandler.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Core\LinkHandling;
17 
18 use ‪TYPO3\CMS\Core\Utility\StringUtility;
19 
23 class ‪UrlLinkHandler implements ‪LinkHandlingInterface
24 {
25 
32  public function ‪asString(array $parameters): string
33  {
34  return $this->‪addHttpSchemeAsFallback($parameters['url']);
35  }
36 
43  public function ‪resolveHandlerData(array $data): array
44  {
45  return ['url' => $this->‪addHttpSchemeAsFallback($data['url'])];
46  }
47 
54  protected function ‪addHttpSchemeAsFallback(string $url): string
55  {
56  if (!empty($url)) {
57  if (‪StringUtility::beginsWith($url, '//')) {
58  return $url;
59  }
60  $scheme = parse_url($url, PHP_URL_SCHEME);
61  if (empty($scheme)) {
62  $url = 'http://' . $url;
63  // 'java{TAB}script:' is parsed as empty URL scheme, thus not ending up here
64  } elseif (in_array(strtolower($scheme), ['javascript', 'data'], true)) {
65  // deny using insecure scheme's like `javascript:` or `data:` as URL scheme
66  $url = '';
67  }
68  }
69  return $url;
70  }
71 }
‪TYPO3\CMS\Core\Utility\StringUtility\beginsWith
‪static bool beginsWith($haystack, $needle)
Definition: StringUtility.php:32
‪TYPO3\CMS\Core\Utility\StringUtility
Definition: StringUtility.php:22