From a3febfda7a1bc64ba247a241a2983643ae0b1b16 Mon Sep 17 00:00:00 2001
From: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Mon, 21 Feb 2011 00:38:27 +0000
Subject: Fixes #2719. Removing hack from bookmarks add. Now appends http:// to
 www.example.com and validates that.

git-svn-id: http://code.elgg.org/elgg/trunk@8378 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/bookmarks/actions/bookmarks/save.php | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

(limited to 'mod/bookmarks/actions')

diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php
index 02280838d..2f4f7b685 100644
--- a/mod/bookmarks/actions/bookmarks/save.php
+++ b/mod/bookmarks/actions/bookmarks/save.php
@@ -18,17 +18,10 @@ $container_guid = get_input('container_guid', elgg_get_logged_in_user_guid());
 
 elgg_make_sticky_form('bookmarks');
 
-$normalized = elgg_normalize_url($address);
-
-// slight hack.  If the original link wasn't to this site, they probably didn't mean to post
-// a relative link.  deny the action.
-$site_url = elgg_get_site_entity()->url;
-$test = str_replace($site_url, '', $normalized);
-
-if (trim($address, '/') == trim($test, '/')) {
-	$address = '';
-} else {
-	$address = $normalized;
+// don't use elgg_normalize_url() because we don't want
+// relative links resolved to this site.
+if ($address && !preg_match("#^((ht|f)tps?:)?//#i", $address)) {
+	$address = "http://$address";
 }
 
 if (!$title || !$address || !filter_var($address, FILTER_VALIDATE_URL)) {
-- 
cgit v1.2.3