X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fcore%2Flib%2FDrupal%2FCore%2FPathProcessor%2FPathProcessorAlias.php;fp=web%2Fcore%2Flib%2FDrupal%2FCore%2FPathProcessor%2FPathProcessorAlias.php;h=d0690fee203dd65644c5779a662f1bfdba51a44f;hp=b85737f3cf13da873875959633c315fa93904bee;hb=0bf8d09d2542548982e81a441b1f16e75873a04f;hpb=74df008bdbb3a11eeea356744f39b802369bda3c
diff --git a/web/core/lib/Drupal/Core/PathProcessor/PathProcessorAlias.php b/web/core/lib/Drupal/Core/PathProcessor/PathProcessorAlias.php
index b85737f3c..d0690fee2 100644
--- a/web/core/lib/Drupal/Core/PathProcessor/PathProcessorAlias.php
+++ b/web/core/lib/Drupal/Core/PathProcessor/PathProcessorAlias.php
@@ -43,6 +43,15 @@ class PathProcessorAlias implements InboundPathProcessorInterface, OutboundPathP
 if (empty($options['alias'])) {
 $langcode = isset($options['language']) ? $options['language']->getId() : NULL;
 $path = $this->aliasManager->getAliasByPath($path, $langcode);
+ // Ensure the resulting path has at most one leading slash, to prevent it
+ // becoming an external URL without a protocol like //example.com. This
+ // is done in \Drupal\Core\Routing\UrlGenerator::generateFromRoute()
+ // also, to protect against this problem in arbitrary path processors,
+ // but it is duplicated here to protect any other URL generation code
+ // that might call this method separately.
+ if (strpos($path, '//') === 0) {
+ $path = '/' . ltrim($path, '/');
+ }
 }
 return $path;
 }
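Review bot: The leading-slash normalisation sits inside the `if (empty($options['alias']))` branch, so a `$path` handed in with `$options['alias']` set is returned without the check, even though the added comment says the duplication exists to protect code that calls this method directly. If that case should be covered as well, the guard can move below the branch's closing brace, just before `return $path;`: `if (strpos($path, '//') === 0) { $path = '/' . ltrim($path, '/'); }`. Whether any caller passes an already-aliased path taken from untrusted input is not visible here, so this is a question for the author rather than a confirmed gap. The method's signature lies outside the hunk.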