diff --git a/core/includes/common.inc b/core/includes/common.inc index c117d43..68baddb 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -2197,7 +2197,17 @@ function url_is_external($path) { // Avoid calling drupal_strip_dangerous_protocols() if there is any // slash (/), hash (#) or question_mark (?) before the colon (:) // occurrence - if any - as this would clearly mean it is not a URL. - return $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path; + if ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path) { + return TRUE; + } + //If it begins with a /, then it is considered external to drupal, but local to our domain. + //We should ensure that it is not supposed to be a drupal path with an accidental / on the front. + else if ((strpos($path, '/') === 0) && !menu_get_item(ltrim($path, '/'))) { + return TRUE; + } + else { + return FALSE; + } } /** diff --git a/core/includes/menu.inc b/core/includes/menu.inc index 9412310..cb143f5 100644 --- a/core/includes/menu.inc +++ b/core/includes/menu.inc @@ -867,6 +867,9 @@ function _menu_link_translate(&$item, $translate = FALSE) { $item['access'] = 1; $map = array(); $item['href'] = $item['link_path']; + //external paths beginning with / are local to our domain. + //trim the / to ensure it displays correctly. + $item['href'] = ltrim($item['href'], '/'); $item['title'] = $item['link_title']; $item['localized_options'] = $item['options']; } diff --git a/core/modules/menu/menu.admin.inc b/core/modules/menu/menu.admin.inc index f933feb..0b82464 100644 --- a/core/modules/menu/menu.admin.inc +++ b/core/modules/menu/menu.admin.inc @@ -288,7 +288,7 @@ function menu_edit_item($form, &$form_state, $type, $item, $menu) { '#title' => t('Path'), '#maxlength' => 255, '#default_value' => $path, - '#description' => t('The path for this menu link. This can be an internal Drupal path such as %add-node or an external URL such as %drupal. Enter %front to link to the front page.', array('%front' => '', '%add-node' => 'node/add', '%drupal' => 'http://drupal.org')), + '#description' => t('The path for this menu link. This can be an internal Drupal path such as %add-node or an external URL such as %drupal. Enter %front to link to the front page. To link to a URL local to your domain, but external to drupal, precede the path with a /, such as %local_path.', array('%front' => '', '%add-node' => 'node/add', '%drupal' => 'http://drupal.org', '%local_path' => '/myfile.html')), '#required' => TRUE, ); $form['actions']['delete'] = array(