Changeset View
Changeset View
Standalone View
Standalone View
src/infrastructure/env/PhabricatorEnv.php
Show First 20 Lines • Show All 119 Lines • ▼ Show 20 Lines | private static function initializeCommonEnvironment($config_optional) { | ||||
// Write this back into $_ENV, too, so ExecFuture picks it up when creating | // Write this back into $_ENV, too, so ExecFuture picks it up when creating | ||||
// subprocess environments. | // subprocess environments. | ||||
$_ENV['PATH'] = $env_path; | $_ENV['PATH'] = $env_path; | ||||
// If an instance identifier is defined, write it into the environment so | // If an instance identifier is defined, write it into the environment so | ||||
// it's available to subprocesses. | // it's available to subprocesses. | ||||
$instance = self::getEnvConfig('cluster.instance'); | $instance = self::getEnvConfig('cluster.instance'); | ||||
if (strlen($instance)) { | if (phutil_nonempty_string($instance)) { | ||||
putenv('PHABRICATOR_INSTANCE='.$instance); | putenv('PHABRICATOR_INSTANCE='.$instance); | ||||
$_ENV['PHABRICATOR_INSTANCE'] = $instance; | $_ENV['PHABRICATOR_INSTANCE'] = $instance; | ||||
} | } | ||||
PhabricatorEventEngine::initialize(); | PhabricatorEventEngine::initialize(); | ||||
// TODO: Add a "locale.default" config option once we have some reasonable | // TODO: Add a "locale.default" config option once we have some reasonable | ||||
// defaults which aren't silly nonsense. | // defaults which aren't silly nonsense. | ||||
▲ Show 20 Lines • Show All 290 Lines • ▼ Show 20 Lines | public static function getProductionURI($path) { | ||||
return rtrim($production_domain, '/').$path; | return rtrim($production_domain, '/').$path; | ||||
} | } | ||||
public static function isSelfURI($raw_uri) { | public static function isSelfURI($raw_uri) { | ||||
$uri = new PhutilURI($raw_uri); | $uri = new PhutilURI($raw_uri); | ||||
$host = $uri->getDomain(); | $host = $uri->getDomain(); | ||||
if (!strlen($host)) { | if (!phutil_nonempty_string($host)) { | ||||
return false; | return false; | ||||
valerio.bozzolan: This check can be adopted since a domain `"0"` has no sense. | |||||
} | } | ||||
$host = phutil_utf8_strtolower($host); | $host = phutil_utf8_strtolower($host); | ||||
$self_map = self::getSelfURIMap(); | $self_map = self::getSelfURIMap(); | ||||
return isset($self_map[$host]); | return isset($self_map[$host]); | ||||
} | } | ||||
private static function getSelfURIMap() { | private static function getSelfURIMap() { | ||||
$self_uris = array(); | $self_uris = array(); | ||||
$self_uris[] = self::getProductionURI('/'); | $self_uris[] = self::getProductionURI('/'); | ||||
$self_uris[] = self::getURI('/'); | $self_uris[] = self::getURI('/'); | ||||
$allowed_uris = self::getEnvConfig('phabricator.allowed-uris'); | $allowed_uris = self::getEnvConfig('phabricator.allowed-uris'); | ||||
foreach ($allowed_uris as $allowed_uri) { | foreach ($allowed_uris as $allowed_uri) { | ||||
$self_uris[] = $allowed_uri; | $self_uris[] = $allowed_uri; | ||||
} | } | ||||
$self_map = array(); | $self_map = array(); | ||||
foreach ($self_uris as $self_uri) { | foreach ($self_uris as $self_uri) { | ||||
$host = id(new PhutilURI($self_uri))->getDomain(); | $host = id(new PhutilURI($self_uri))->getDomain(); | ||||
if (!strlen($host)) { | if (!phutil_nonempty_string($host)) { | ||||
continue; | continue; | ||||
Done Inline ActionsThis check can be adopted since a domain "0" has no sense. valerio.bozzolan: This check can be adopted since a domain `"0"` has no sense. | |||||
} | } | ||||
$host = phutil_utf8_strtolower($host); | $host = phutil_utf8_strtolower($host); | ||||
$self_map[$host] = $host; | $self_map[$host] = $host; | ||||
} | } | ||||
return $self_map; | return $self_map; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 188 Lines • ▼ Show 20 Lines | /* -( URI Validation )----------------------------------------------------- */ | ||||
* | * | ||||
* @param string URI to test. | * @param string URI to test. | ||||
* @return bool True if the URI identifies a local page. | * @return bool True if the URI identifies a local page. | ||||
* @task uri | * @task uri | ||||
*/ | */ | ||||
public static function isValidLocalURIForLink($uri) { | public static function isValidLocalURIForLink($uri) { | ||||
$uri = (string)$uri; | $uri = (string)$uri; | ||||
if (!strlen($uri)) { | if (!phutil_nonempty_string($uri)) { | ||||
return false; | return false; | ||||
} | } | ||||
if (preg_match('/\s/', $uri)) { | if (preg_match('/\s/', $uri)) { | ||||
// PHP hasn't been vulnerable to header injection attacks for a bunch of | // PHP hasn't been vulnerable to header injection attacks for a bunch of | ||||
// years, but we can safely reject these anyway since they're never valid. | // years, but we can safely reject these anyway since they're never valid. | ||||
return false; | return false; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | /* -( URI Validation )----------------------------------------------------- */ | ||||
* | * | ||||
* @param string URI to test. | * @param string URI to test. | ||||
* @return void | * @return void | ||||
* @task uri | * @task uri | ||||
*/ | */ | ||||
public static function requireValidRemoteURIForLink($raw_uri) { | public static function requireValidRemoteURIForLink($raw_uri) { | ||||
$uri = new PhutilURI($raw_uri); | $uri = new PhutilURI($raw_uri); | ||||
$proto = $uri->getProtocol(); | $proto = $uri->getProtocol(); | ||||
if (!strlen($proto)) { | if (!$proto) { | ||||
Done Inline ActionsYep I confirm that I know PHP and I know what is going on up here. I confirm that the value "0" does not make any sense in this string and that is why this simple if is sufficient. valerio.bozzolan: Yep I confirm that I know PHP and I know what is going on up here. I confirm that the value "0"… | |||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'URI "%s" is not a valid linkable resource. A valid linkable '. | 'URI "%s" is not a valid linkable resource. A valid linkable '. | ||||
'resource URI must specify a protocol.', | 'resource URI must specify a protocol.', | ||||
$raw_uri)); | $raw_uri)); | ||||
} | } | ||||
$protocols = self::getEnvConfig('uri.allowed-protocols'); | $protocols = self::getEnvConfig('uri.allowed-protocols'); | ||||
if (!isset($protocols[$proto])) { | if (!isset($protocols[$proto])) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'URI "%s" is not a valid linkable resource. A valid linkable '. | 'URI "%s" is not a valid linkable resource. A valid linkable '. | ||||
'resource URI must use one of these protocols: %s.', | 'resource URI must use one of these protocols: %s.', | ||||
$raw_uri, | $raw_uri, | ||||
implode(', ', array_keys($protocols)))); | implode(', ', array_keys($protocols)))); | ||||
} | } | ||||
$domain = $uri->getDomain(); | $domain = $uri->getDomain(); | ||||
if (!strlen($domain)) { | if (!$domain) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'URI "%s" is not a valid linkable resource. A valid linkable '. | 'URI "%s" is not a valid linkable resource. A valid linkable '. | ||||
'resource URI must specify a domain.', | 'resource URI must specify a domain.', | ||||
$raw_uri)); | $raw_uri)); | ||||
} | } | ||||
Done Inline ActionsThis simplified check can be adopted since a domain "0" has no sense. valerio.bozzolan: This simplified check can be adopted since a domain `"0"` has no sense. | |||||
} | } | ||||
/** | /** | ||||
* Detect if a URI identifies a valid fetchable remote resource. | * Detect if a URI identifies a valid fetchable remote resource. | ||||
* | * | ||||
* @param string URI to test. | * @param string URI to test. | ||||
* @param list<string> Allowed protocols. | * @param list<string> Allowed protocols. | ||||
Show All 25 Lines | /* -( URI Validation )----------------------------------------------------- */ | ||||
*/ | */ | ||||
public static function requireValidRemoteURIForFetch( | public static function requireValidRemoteURIForFetch( | ||||
$raw_uri, | $raw_uri, | ||||
array $protocols) { | array $protocols) { | ||||
$uri = new PhutilURI($raw_uri); | $uri = new PhutilURI($raw_uri); | ||||
$proto = $uri->getProtocol(); | $proto = $uri->getProtocol(); | ||||
if (!strlen($proto)) { | if (!$proto) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'URI "%s" is not a valid fetchable resource. A valid fetchable '. | 'URI "%s" is not a valid fetchable resource. A valid fetchable '. | ||||
'resource URI must specify a protocol.', | 'resource URI must specify a protocol.', | ||||
$raw_uri)); | $raw_uri)); | ||||
} | } | ||||
Done Inline ActionsThis simplified check can be adopted since a protocol "0" has no sense. valerio.bozzolan: This simplified check can be adopted since a protocol `"0"` has no sense. | |||||
$protocols = array_fuse($protocols); | $protocols = array_fuse($protocols); | ||||
if (!isset($protocols[$proto])) { | if (!isset($protocols[$proto])) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'URI "%s" is not a valid fetchable resource. A valid fetchable '. | 'URI "%s" is not a valid fetchable resource. A valid fetchable '. | ||||
'resource URI must use one of these protocols: %s.', | 'resource URI must use one of these protocols: %s.', | ||||
$raw_uri, | $raw_uri, | ||||
implode(', ', array_keys($protocols)))); | implode(', ', array_keys($protocols)))); | ||||
} | } | ||||
$domain = $uri->getDomain(); | $domain = $uri->getDomain(); | ||||
if (!strlen($domain)) { | if (!$domain) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'URI "%s" is not a valid fetchable resource. A valid fetchable '. | 'URI "%s" is not a valid fetchable resource. A valid fetchable '. | ||||
'resource URI must specify a domain.', | 'resource URI must specify a domain.', | ||||
$raw_uri)); | $raw_uri)); | ||||
} | } | ||||
Done Inline ActionsThis simplified check can be adopted since a protocol "0" has no sense. valerio.bozzolan: This simplified check can be adopted since a protocol `"0"` has no sense. | |||||
$addresses = gethostbynamel($domain); | $addresses = gethostbynamel($domain); | ||||
if (!$addresses) { | if (!$addresses) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'URI "%s" is not a valid fetchable resource. The domain "%s" could '. | 'URI "%s" is not a valid fetchable resource. The domain "%s" could '. | ||||
'not be resolved.', | 'not be resolved.', | ||||
$raw_uri, | $raw_uri, | ||||
▲ Show 20 Lines • Show All 161 Lines • Show Last 20 Lines |
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0
This check can be adopted since a domain "0" has no sense.