Version 1

[yaffs-website] / web / core / modules / link / src / Plugin / Validation / Constraint / LinkExternalProtocolsConstraintValidator.php

diff --git a/web/core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator.php b/web/core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator.php
new file mode 100644 (file)
index 0000000..9484173
--- /dev/null
+++ b/web/core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Drupal\link\Plugin\Validation\Constraint;
+
+use Drupal\Component\Utility\UrlHelper;
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+
+/**
+ * Validates the LinkExternalProtocols constraint.
+ */
+class LinkExternalProtocolsConstraintValidator extends ConstraintValidator {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function validate($value, Constraint $constraint) {
+    if (isset($value)) {
+      try {
+        /** @var \Drupal\Core\Url $url */
+        $url = $value->getUrl();
+      }
+      // If the URL is malformed this constraint cannot check further.
+      catch (\InvalidArgumentException $e) {
+        return;
+      }
+      // Disallow external URLs using untrusted protocols.
+      if ($url->isExternal() && !in_array(parse_url($url->getUri(), PHP_URL_SCHEME), UrlHelper::getAllowedProtocols())) {
+        $this->context->addViolation($constraint->message, ['@uri' => $value->uri]);
+      }
+    }
+  }
+
+}