### Eclipse Workspace Patch 1.0 #P drupal-6 Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.756.2.39 diff -u -r1.756.2.39 common.inc --- includes/common.inc 26 Dec 2008 10:43:22 -0000 1.756.2.39 +++ includes/common.inc 12 Jan 2009 01:05:48 -0000 @@ -931,6 +931,7 @@ * * This function should only be used on actual URLs. It should not be used for * Drupal menu paths, which can contain arbitrary characters. + * Valid values per RFC 3986. * * @param $url * The URL to verify. @@ -940,15 +941,30 @@ * TRUE if the URL is in a valid format. */ function valid_url($url, $absolute = FALSE) { - $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,;~=#&%\+]'; if ($absolute) { - return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url); + return (bool)preg_match(" + /^ # Start at the beginning of the text + (?:ftp|https?):\/\/ # Look for ftp, http, or https schemes + (?: # Userinfo (optional) which is typically + (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)* # a username or a username and password + (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@ # combination + )? + (?: + (?:[a-z0-9\-\.]|%[0-9a-f]{2})+ # A domain name or a IPv4 address + |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\]) # or a well formed IPv6 address + ) + (?::[0-9]+)? # Server port number (optional) + (?:[\/|\?] + (?:[\w#!:\.\?\+=&@!$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2}) # The path and query (optional) + *)? + $/xi", $url); } else { - return preg_match("/^". $allowed_characters ."+$/i", $url); + return (bool)preg_match("/^(?:[\w#!:\.\?\+=&@!$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url); } } + /** * @} End of "defgroup validation". */