From 0f1c74620f8f7dccc0b94842d193d9ede1a5b384 Mon Sep 17 00:00:00 2001
From: Davi Alexandre
Date: Tue, 30 Oct 2018 11:53:04 -0300
Subject: [PATCH] Extract duplicated URL processing code
---
 CRM/Core/BAO/Navigation.php | 62 ++++++++++++++++++++++++-------------
 1 file changed, 40 insertions(+), 22 deletions(-)
diff --git a/CRM/Core/BAO/Navigation.php b/CRM/Core/BAO/Navigation.php
index fa6620d96f45..abb6f1801e7d 100644
--- a/CRM/Core/BAO/Navigation.php
+++ b/CRM/Core/BAO/Navigation.php
@@ -493,22 +493,7 @@ public static function getMenuName(&$value, &$skipMenuItems) {
 $makeLink = FALSE;
 if (!empty($url)) {
- // Skip processing fully-formed urls
- if (substr($url, 0, 4) !== 'http' && $url[0] !== '/' && $url[0] !== '#') {
- //CRM-7656 --make sure to separate out url path from url params,
- //as we'r going to validate url path across cross-site scripting.
- $parsedUrl = parse_url($url);
- if (empty($parsedUrl['query'])) {
- $parsedUrl['query'] = NULL;
- }
- if (empty($parsedUrl['fragment'])) {
- $parsedUrl['fragment'] = NULL;
- }
- $url = CRM_Utils_System::url($parsedUrl['path'], $parsedUrl['query'], FALSE, $parsedUrl['fragment'], TRUE);
- }
- elseif (strpos($url, '&') === FALSE) {
- $url = htmlspecialchars($url);
- }
+ $url = self::makeFullyFormedUrl($url);
 $makeLink = TRUE;
 }
@@ -598,12 +583,7 @@ public static function createNavigation() {
 $homeIcon = '';
 self::retrieve($homeParams, $homeNav);
 if ($homeNav) {
- $path = parse_url($homeNav['url'], PHP_URL_PATH);
- $q = parse_url($homeNav['url'], PHP_URL_QUERY);
- $fragment = parse_url($homeNav['url'], PHP_URL_FRAGMENT);
-
- $homeURL = CRM_Utils_System::url($path, $q, FALSE, $fragment);
-
+ $homeURL = self::makeFullyFormedUrl($homeNav['url']);
 $homeLabel = $homeNav['label'];
 // CRM-6804 (we need to special-case this as we don’t ts()-tag variables)
 if ($homeLabel == 'Home') {
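Review bot: The `CRM_Utils_System::url()` call removed from this branch passed `TRUE` as its fifth argument, but `makeFullyFormedUrl()`, which now produces `$url` here, calls it with four arguments, so the encoding of relative menu links now rests on that parameter's default. If the default is already `TRUE` nothing changes; passing it explicitly in the helper, `return CRM_Utils_System::url($path, $q, FALSE, $fragment, TRUE);`, keeps the output-encoding decision visible at the one place that now serves both callers. `getMenuName` starts and ends outside this hunk.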
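Review bot: `$homeNav['url']` reaches `makeFullyFormedUrl()` with no emptiness check, and `isNotFullyFormedUrl()` reads `$url[0]`; the `getMenuName` call site is guarded by `!empty($url)`, while this one is guarded only by `if ($homeNav)`. An empty home URL, which the removed `parse_url()` lines tolerated, would now raise an uninitialized-string-offset notice or warning depending on the PHP version. A guard at the top of `isNotFullyFormedUrl()` such as `if ($url === NULL || $url === '') { return TRUE; }` would keep empty values on the `CRM_Utils_System::url()` path as before. A home URL beginning with `http`, `/` or `#` also no longer passes through `CRM_Utils_System::url()` at all, which is a behaviour change rather than a pure extraction and deserves a line in the commit message. `createNavigation` continues outside the hunk.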
@@ -629,6 +609,44 @@ public static function createNavigation() {
 return $prepandString . $navigation;
 }
+ /**
+ * Turns relative URLs (like civicrm/foo/bar) into fully-formed
+ * ones (i.e. example.com/wp-admin?q=civicrm/dashboard).
+ *
+ * If the URL is already fully-formed, nothing will be done.
+ *
+ * @param string $url
+ *
+ * @return string
+ */
+ private static function makeFullyFormedUrl($url) {
+ if (self::isNotFullyFormedUrl($url)) {
+ //CRM-7656 --make sure to separate out url path from url params,
+ //as we'r going to validate url path across cross-site scripting.
+ $path = parse_url($url, PHP_URL_PATH);
+ $q = parse_url($url, PHP_URL_QUERY);
+ $fragment = parse_url($url, PHP_URL_FRAGMENT);
+ return CRM_Utils_System::url($path, $q, FALSE, $fragment);
+ }
+
+ if (strpos($url, '&') === FALSE) {
+ return htmlspecialchars($url);
+ }
+
+ return $url;
+ }
+
+ /**
+ * Checks if the given URL is not fully-formed
+ *
+ * @param string $url
+ *
+ * @return bool
+ */
+ private static function isNotFullyFormedUrl($url) {
+ return substr($url, 0, 4) !== 'http' && $url[0] !== '/' && $url[0] !== '#';
+ }
+
 /**
 * Reset navigation for all contacts or a specified contact.
 *
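Review bot: In `makeFullyFormedUrl()` the fully-formed branch escapes only when the URL contains no `&`, so a stored value that has both an `&` and a double quote or angle bracket is returned unescaped by the final `return $url;`. The `&` test looks like a guess that the value is already entity-encoded; `return htmlspecialchars($url, ENT_QUOTES, 'UTF-8', FALSE);` encodes the unsafe characters without double-encoding existing entities and makes the `strpos` branch unnecessary. `isNotFullyFormedUrl()` also treats any string that merely begins with `http` as fully formed, so comparing `parse_url($url, PHP_URL_SCHEME)` against `http` and `https` would be a stricter test. The docblock's "nothing will be done" is inaccurate for the `htmlspecialchars` path and should say which return paths are HTML-encoded, since both callers presumably place the result in markup that this diff does not show.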