link_validate_url() fails on valid relative URL paths that contain query strings

Created on 16 March 2017, over 7 years ago
Updated 15 March 2023, over 1 year ago

The function link_validate_url() in link.module is called during the node form validation process for any Link field instance that has the Validate URL option activated.

A problem occurs with any valid relative URLs that happen to contain any sort of query string (e.g., "alias?param=1").

In our example, let's say the path 'alias' should resolve to 'node/1'.

Within link_validate_url(), such a URL (e.g., "alias?param=1") gets passed into the condition: if ($type && ($type == LINK_INTERNAL || $type == LINK_EXTERNAL))

This URL will return FALSE when passed to valid_path() and so the $flag variable gets set to FALSE and is then passed into the first if (!$flag) condition.

The problem occurs because drupal_get_normal_path() is not designed to handle a path with a query string attached. (E.g., 'alias?param=1' should return 'node/1', but returns original 'alias?param=1' instead).

So, drupal_get_normal_path() fails to convert the URL and returns the original text (an unconverted path alias with a query string attached, e.g., 'alias?param=1').

The URL is then run through parse_url($normal_path, PHP_URL_PATH), and the bare path alias is now returned (e.g., 'alias') in $parsed_link.

The $normal_path (which includes the query string: 'alias?param=1') now does not match the $parsed_link ('alias'), and so $normal_path is set to the $parsed_link (e.g., 'alias').

The bare alias in $normal_path is now passed to drupal_valid_path(), which in turn passes the alias to menu_get_item(), which only accepts normal system paths and NOT aliases.

$flag therefore remains FALSE and link_validate_url() returns FALSE on a valid, internal URL (e.g., 'alias?param=1'), assuming that 'alias' was a valid alias for 'node/1' as in our example here.

πŸ› Bug report
Status

Needs work

Version

1.4

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States michael_wojcik


Comments & Activities


  • Colombia jucedogi

    I encountered this issue on version 7.11

    These patches did not work for me though.

    My proposed solution is different though and I provide a patch for review.

    What I noticed when debugging is that the link_url_type($text) function fails to recognize the URL as internal due to the query and returns a FALSE value, which results in the link_validate_url($text, $langcode = NULL) function failing due to this.

    Therefore I remove the query from the URL to proceed with the original validation the function does.

    This seems to have done the job in my case.
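
The failure described in the report, and the effect of removing the query before the alias lookup as the comment above suggests, can be reproduced outside Drupal. This is an added example, not code from link.module or from either patch: lookup_normal_path() and is_system_path() are hypothetical stand-ins for drupal_get_normal_path() and drupal_valid_path(), and the alias and route tables are constructed sample data.

```php
<?php
// Constructed alias table standing in for Drupal's path alias storage.
const ALIASES = ['alias' => 'node/1'];
// Constructed list of system paths the menu router would accept.
const ROUTES = ['node/1'];

// Hypothetical stand-in for drupal_get_normal_path(): exact-match lookup only,
// so input that still carries a query string comes back unchanged.
function lookup_normal_path(string $path): string {
  return ALIASES[$path] ?? $path;
}

// Hypothetical stand-in for drupal_valid_path(): knows system paths, not aliases.
function is_system_path(string $path): bool {
  return in_array($path, ROUTES, true);
}

// Order described in the report: alias lookup on the raw text, query removed afterwards.
function validate_as_reported(string $text): bool {
  $normal_path = lookup_normal_path($text);                      // 'alias?param=1' is not resolved
  $parsed_link = (string) parse_url($normal_path, PHP_URL_PATH); // 'alias'
  if ($normal_path != $parsed_link) {
    $normal_path = $parsed_link;                                 // a bare alias, never looked up again
  }
  return is_system_path($normal_path);
}

// Reordered: isolate the path component first, then resolve the alias on it.
function validate_path_first(string $text): bool {
  $path = parse_url($text, PHP_URL_PATH);
  if (!is_string($path) || $path === '') {
    return false; // malformed input or no path component
  }
  return is_system_path(lookup_normal_path($path));
}

// Constructed inputs: aliased and system paths, with and without a query string.
foreach (['alias?param=1', 'alias', 'node/1?param=1', 'missing?param=1'] as $input) {
  printf("%-18s reported=%-5s path_first=%s\n", $input,
    var_export(validate_as_reported($input), true),
    var_export(validate_path_first($input), true));
}
```

Only 'alias?param=1' is treated differently by the two orderings; 'missing?param=1' is rejected by both, so resolving the path component first does not loosen validation for paths that do not exist.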
