Page MenuHomePhorge
Differential D25104 Diff 439 src/infrastructure/env/PhabricatorEnv.php

Changeset View

Standalone View

View Options

src/infrastructure/env/PhabricatorEnv.php

Show First 20 LinesShow All 119 Lines▼ Show 20 Lines private static function initializeCommonEnvironment($config_optional) {
// Write this back into $_ENV, too, so ExecFuture picks it up when creating // Write this back into $_ENV, too, so ExecFuture picks it up when creating
// subprocess environments. // subprocess environments.
$_ENV['PATH'] = $env_path; $_ENV['PATH'] = $env_path;
// If an instance identifier is defined, write it into the environment so // If an instance identifier is defined, write it into the environment so
// it's available to subprocesses. // it's available to subprocesses.
$instance = self::getEnvConfig('cluster.instance'); $instance = self::getEnvConfig('cluster.instance');
if (strlen($instance)) { if (phutil_nonempty_string($instance)) {
putenv('PHABRICATOR_INSTANCE='.$instance); putenv('PHABRICATOR_INSTANCE='.$instance);
$_ENV['PHABRICATOR_INSTANCE'] = $instance; $_ENV['PHABRICATOR_INSTANCE'] = $instance;
} }
PhabricatorEventEngine::initialize(); PhabricatorEventEngine::initialize();
// TODO: Add a "locale.default" config option once we have some reasonable // TODO: Add a "locale.default" config option once we have some reasonable
// defaults which aren't silly nonsense. // defaults which aren't silly nonsense.
▲ Show 20 LinesShow All 290 Lines▼ Show 20 Lines public static function getProductionURI($path) {
return rtrim($production_domain, '/').$path; return rtrim($production_domain, '/').$path;
} }
public static function isSelfURI($raw_uri) { public static function isSelfURI($raw_uri) {
$uri = new PhutilURI($raw_uri); $uri = new PhutilURI($raw_uri);
$host = $uri->getDomain(); $host = $uri->getDomain();
if (!strlen($host)) { if (!phutil_nonempty_string($host)) {
return false; return false;
valerio.bozzolanAuthorUnsubmitted
Done
Inline Actions

This check can be adopted since a domain "0" has no sense.

valerio.bozzolan: This check can be adopted since a domain `"0"` has no sense.
} }
$host = phutil_utf8_strtolower($host); $host = phutil_utf8_strtolower($host);
$self_map = self::getSelfURIMap(); $self_map = self::getSelfURIMap();
return isset($self_map[$host]); return isset($self_map[$host]);
} }
private static function getSelfURIMap() { private static function getSelfURIMap() {
$self_uris = array(); $self_uris = array();
$self_uris[] = self::getProductionURI('/'); $self_uris[] = self::getProductionURI('/');
$self_uris[] = self::getURI('/'); $self_uris[] = self::getURI('/');
$allowed_uris = self::getEnvConfig('phabricator.allowed-uris'); $allowed_uris = self::getEnvConfig('phabricator.allowed-uris');
foreach ($allowed_uris as $allowed_uri) { foreach ($allowed_uris as $allowed_uri) {
$self_uris[] = $allowed_uri; $self_uris[] = $allowed_uri;
} }
$self_map = array(); $self_map = array();
foreach ($self_uris as $self_uri) { foreach ($self_uris as $self_uri) {
$host = id(new PhutilURI($self_uri))->getDomain(); $host = id(new PhutilURI($self_uri))->getDomain();
if (!strlen($host)) { if (!phutil_nonempty_string($host)) {
continue; continue;
valerio.bozzolanAuthorUnsubmitted
Done
Inline Actions

This check can be adopted since a domain "0" has no sense.

valerio.bozzolan: This check can be adopted since a domain `"0"` has no sense.
} }
$host = phutil_utf8_strtolower($host); $host = phutil_utf8_strtolower($host);
$self_map[$host] = $host; $self_map[$host] = $host;
} }
return $self_map; return $self_map;
} }
▲ Show 20 LinesShow All 188 Lines▼ Show 20 Lines/* -( URI Validation )----------------------------------------------------- */
* *
* @param string URI to test. * @param string URI to test.
* @return bool True if the URI identifies a local page. * @return bool True if the URI identifies a local page.
* @task uri * @task uri
*/ */
public static function isValidLocalURIForLink($uri) { public static function isValidLocalURIForLink($uri) {
$uri = (string)$uri; $uri = (string)$uri;
if (!strlen($uri)) { if (!phutil_nonempty_string($uri)) {
return false; return false;
} }
if (preg_match('/\s/', $uri)) { if (preg_match('/\s/', $uri)) {
// PHP hasn't been vulnerable to header injection attacks for a bunch of // PHP hasn't been vulnerable to header injection attacks for a bunch of
// years, but we can safely reject these anyway since they're never valid. // years, but we can safely reject these anyway since they're never valid.
return false; return false;
} }
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Lines/* -( URI Validation )----------------------------------------------------- */
* *
* @param string URI to test. * @param string URI to test.
* @return void * @return void
* @task uri * @task uri
*/ */
public static function requireValidRemoteURIForLink($raw_uri) { public static function requireValidRemoteURIForLink($raw_uri) {
$uri = new PhutilURI($raw_uri); $uri = new PhutilURI($raw_uri);
$proto = $uri->getProtocol(); $proto = $uri->getProtocol();
if (!strlen($proto)) { if (!$proto) {
valerio.bozzolanAuthorUnsubmitted
Done
Inline Actions

Yep I confirm that I know PHP and I know what is going on up here. I confirm that the value "0" does not make any sense in this string and that is why this simple if is sufficient.

valerio.bozzolan: Yep I confirm that I know PHP and I know what is going on up here. I confirm that the value "0"…
throw new Exception( throw new Exception(
pht( pht(
'URI "%s" is not a valid linkable resource. A valid linkable '. 'URI "%s" is not a valid linkable resource. A valid linkable '.
'resource URI must specify a protocol.', 'resource URI must specify a protocol.',
$raw_uri)); $raw_uri));
} }
$protocols = self::getEnvConfig('uri.allowed-protocols'); $protocols = self::getEnvConfig('uri.allowed-protocols');
if (!isset($protocols[$proto])) { if (!isset($protocols[$proto])) {
throw new Exception( throw new Exception(
pht( pht(
'URI "%s" is not a valid linkable resource. A valid linkable '. 'URI "%s" is not a valid linkable resource. A valid linkable '.
'resource URI must use one of these protocols: %s.', 'resource URI must use one of these protocols: %s.',
$raw_uri, $raw_uri,
implode(', ', array_keys($protocols)))); implode(', ', array_keys($protocols))));
} }
$domain = $uri->getDomain(); $domain = $uri->getDomain();
if (!strlen($domain)) { if (!$domain) {
throw new Exception( throw new Exception(
pht( pht(
'URI "%s" is not a valid linkable resource. A valid linkable '. 'URI "%s" is not a valid linkable resource. A valid linkable '.
'resource URI must specify a domain.', 'resource URI must specify a domain.',
$raw_uri)); $raw_uri));
} }
valerio.bozzolanAuthorUnsubmitted
Done
Inline Actions

This simplified check can be adopted since a domain "0" has no sense.

valerio.bozzolan: This simplified check can be adopted since a domain `"0"` has no sense.
} }
/** /**
* Detect if a URI identifies a valid fetchable remote resource. * Detect if a URI identifies a valid fetchable remote resource.
* *
* @param string URI to test. * @param string URI to test.
* @param list<string> Allowed protocols. * @param list<string> Allowed protocols.
Show All 25 Lines/* -( URI Validation )----------------------------------------------------- */
*/ */
public static function requireValidRemoteURIForFetch( public static function requireValidRemoteURIForFetch(
$raw_uri, $raw_uri,
array $protocols) { array $protocols) {
$uri = new PhutilURI($raw_uri); $uri = new PhutilURI($raw_uri);
$proto = $uri->getProtocol(); $proto = $uri->getProtocol();
if (!strlen($proto)) { if (!$proto) {
throw new Exception( throw new Exception(
pht( pht(
'URI "%s" is not a valid fetchable resource. A valid fetchable '. 'URI "%s" is not a valid fetchable resource. A valid fetchable '.
'resource URI must specify a protocol.', 'resource URI must specify a protocol.',
$raw_uri)); $raw_uri));
} }
valerio.bozzolanAuthorUnsubmitted
Done
Inline Actions

This simplified check can be adopted since a protocol "0" has no sense.

valerio.bozzolan: This simplified check can be adopted since a protocol `"0"` has no sense.
$protocols = array_fuse($protocols); $protocols = array_fuse($protocols);
if (!isset($protocols[$proto])) { if (!isset($protocols[$proto])) {
throw new Exception( throw new Exception(
pht( pht(
'URI "%s" is not a valid fetchable resource. A valid fetchable '. 'URI "%s" is not a valid fetchable resource. A valid fetchable '.
'resource URI must use one of these protocols: %s.', 'resource URI must use one of these protocols: %s.',
$raw_uri, $raw_uri,
implode(', ', array_keys($protocols)))); implode(', ', array_keys($protocols))));
} }
$domain = $uri->getDomain(); $domain = $uri->getDomain();
if (!strlen($domain)) { if (!$domain) {
throw new Exception( throw new Exception(
pht( pht(
'URI "%s" is not a valid fetchable resource. A valid fetchable '. 'URI "%s" is not a valid fetchable resource. A valid fetchable '.
'resource URI must specify a domain.', 'resource URI must specify a domain.',
$raw_uri)); $raw_uri));
} }
valerio.bozzolanAuthorUnsubmitted
Done
Inline Actions

This simplified check can be adopted since a protocol "0" has no sense.

valerio.bozzolan: This simplified check can be adopted since a protocol `"0"` has no sense.
$addresses = gethostbynamel($domain); $addresses = gethostbynamel($domain);
if (!$addresses) { if (!$addresses) {
throw new Exception( throw new Exception(
pht( pht(
'URI "%s" is not a valid fetchable resource. The domain "%s" could '. 'URI "%s" is not a valid fetchable resource. The domain "%s" could '.
'not be resolved.', 'not be resolved.',
$raw_uri, $raw_uri,
▲ Show 20 LinesShow All 161 LinesShow Last 20 Lines
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0