public function handleRequest(AphrontRequest $request)
{
$user = $request->getUser();
$id = $request->getURIData('id');
$blog = id(new PhameBlogQuery())->setViewer($user)->withIDs(array($id))->executeOne();
if (!$blog) {
return new Aphront404Response();
}
if ($blog->getDomain() && $request->getHost() != $blog->getDomain()) {
$base_uri = $blog->getLiveURI();
// Don't redirect directly, since the domain is user-controlled and there
// are a bevy of security issues associated with automatic redirects to
// external domains.
// Previously we CSRF'd this and someone found a way to pass OAuth
// information through it using anchors. Just make users click a normal
// link so that this is no more dangerous than any other external link
// on the site.
$dialog = id(new AphrontDialogView())->setTitle(pht('Blog Moved'))->setUser($user)->appendParagraph(pht('This blog is now hosted here:'))->appendParagraph(phutil_tag('a', array('href' => $base_uri), $base_uri))->addCancelButton('/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$phame_request = clone $request;
$more = $phame_request->getURIData('more', '');
$phame_request->setPath('/' . ltrim($more, '/'));
$uri = $blog->getLiveURI();
$skin = $blog->getSkinRenderer($phame_request);
$skin->setBlog($blog)->setBaseURI($uri);
$skin->willProcessRequest(array());
return $skin->processRequest();
}
public function testHostAttacks()
{
static $tests = array('domain.com' => 'domain.com', 'domain.com:80' => 'domain.com', 'evil.com:evil.com@real.com' => 'real.com', 'evil.com:evil.com@real.com:80' => 'real.com');
foreach ($tests as $input => $expect) {
$r = new AphrontRequest($input, '/');
$this->assertEqual($expect, $r->getHost(), pht('Host: %s', $input));
}
}
public function newSiteForRequest(AphrontRequest $request)
{
$host = $request->getHost();
$uri = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
if (!strlen($uri)) {
return null;
}
if ($this->isHostMatch($host, array($uri))) {
return new PhabricatorResourceSite();
}
return null;
}
public function newSiteForRequest(AphrontRequest $request)
{
if (!$this->isPhameActive()) {
return null;
}
$host = $request->getHost();
try {
$blog = id(new PhameBlogQuery())->setViewer(new PhabricatorUser())->withDomain($host)->needProfileImage(true)->withStatuses(array(PhameBlog::STATUS_ACTIVE))->executeOne();
} catch (PhabricatorPolicyException $ex) {
throw new Exception(pht('This blog is not visible to logged out users, so it can not be ' . 'visited from a custom domain.'));
}
if (!$blog) {
return null;
}
return id(new PhameBlogSite())->setBlog($blog);
}
public function newSiteForRequest(AphrontRequest $request)
{
$host = $request->getHost();
$uri = PhabricatorEnv::getEnvConfig('phurl.short-uri');
if (!strlen($uri)) {
return null;
}
$phurl_installed = PhabricatorApplication::isClassInstalled('PhabricatorPhurlApplication');
if (!$phurl_installed) {
return false;
}
if ($this->isHostMatch($host, array($uri))) {
return new PhabricatorShortSite();
}
return null;
}
public function newSiteForRequest(AphrontRequest $request)
{
$uris = array();
$uris[] = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$uris[] = PhabricatorEnv::getEnvConfig('phabricator.production-uri');
$allowed = PhabricatorEnv::getEnvConfig('phabricator.allowed-uris');
if ($allowed) {
foreach ($allowed as $uri) {
$uris[] = $uri;
}
}
$host = $request->getHost();
if ($this->isHostMatch($host, $uris)) {
return new PhabricatorPlatformSite();
}
return null;
}
public function newSiteForRequest(AphrontRequest $request)
{
$host = $request->getHost();
$uri = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
if (!strlen($uri)) {
return null;
}
if ($this->isHostMatch($host, array($uri))) {
return new PhabricatorResourceSite();
}
// These are CDN routes, so we let them through even if the "Host" header
// doesn't match anything we recognize. The
$whitelist = array('/res/', '/file/data/', '/file/xform/');
$path = $request->getPath();
if ($this->isPathPrefixMatch($path, $whitelist)) {
return new PhabricatorResourceSite();
}
return null;
}
public function newSiteForRequest(AphrontRequest $request)
{
// If no base URI has been configured yet, match this site so the user
// can follow setup instructions.
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
if (!strlen($base_uri)) {
return new PhabricatorPlatformSite();
}
$uris = array();
$uris[] = $base_uri;
$uris[] = PhabricatorEnv::getEnvConfig('phabricator.production-uri');
$allowed = PhabricatorEnv::getEnvConfig('phabricator.allowed-uris');
if ($allowed) {
foreach ($allowed as $uri) {
$uris[] = $uri;
}
}
$host = $request->getHost();
if ($this->isHostMatch($host, $uris)) {
return new PhabricatorPlatformSite();
}
return null;
}
public function handleRequest(AphrontRequest $request)
{
$viewer = $request->getViewer();
$this->phid = $request->getURIData('phid');
$this->key = $request->getURIData('key');
$this->token = $request->getURIData('token');
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$alt_uri = new PhutilURI($alt);
$alt_domain = $alt_uri->getDomain();
$req_domain = $request->getHost();
$main_domain = id(new PhutilURI($base_uri))->getDomain();
$cache_response = true;
if (empty($alt) || $main_domain == $alt_domain) {
// Alternate files domain isn't configured or it's set
// to the same as the default domain
$response = $this->loadFile($viewer);
if ($response) {
return $response;
}
$file = $this->getFile();
// when the file is not CDNable, don't allow cache
$cache_response = $file->getCanCDN();
} else {
if ($req_domain != $alt_domain) {
// Alternate domain is configured but this request isn't using it
$response = $this->loadFile($viewer);
if ($response) {
return $response;
}
$file = $this->getFile();
// if the user can see the file, generate a token;
// redirect to the alt domain with the token;
$token_uri = $file->getCDNURIWithToken();
$token_uri = new PhutilURI($token_uri);
$token_uri = $this->addURIParameters($token_uri);
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI($token_uri);
} else {
// We are using the alternate domain. We don't have authentication
// on this domain, so we bypass policy checks when loading the file.
$bypass_policies = PhabricatorUser::getOmnipotentUser();
$response = $this->loadFile($bypass_policies);
if ($response) {
return $response;
}
$file = $this->getFile();
$acquire_token_uri = id(new PhutilURI($file->getViewURI()))->setDomain($main_domain);
$acquire_token_uri = $this->addURIParameters($acquire_token_uri);
if ($this->token) {
// validate the token, if it is valid, continue
$validated_token = $file->validateOneTimeToken($this->token);
if (!$validated_token) {
$dialog = $this->newDialog()->setShortTitle(pht('Expired File'))->setTitle(pht('File Link Has Expired'))->appendParagraph(pht('The link you followed to view this file is invalid or ' . 'expired.'))->appendParagraph(pht('Continue to generate a new link to the file. You may be ' . 'required to log in.'))->addCancelButton($acquire_token_uri, pht('Continue'));
// Build an explicit response so we can respond with HTTP/403 instead
// of HTTP/200.
$response = id(new AphrontDialogResponse())->setDialog($dialog)->setHTTPResponseCode(403);
return $response;
}
// return the file data without cache headers
$cache_response = false;
} else {
if (!$file->getCanCDN()) {
// file cannot be served via cdn, and no token given
// redirect to the main domain to aquire a token
// This is marked as an "external" URI because it is fully qualified.
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI($acquire_token_uri);
}
}
}
}
$response = new AphrontFileResponse();
if ($cache_response) {
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
}
$begin = null;
$end = null;
// NOTE: It's important to accept "Range" requests when playing audio.
// If we don't, Safari has difficulty figuring out how long sounds are
// and glitches when trying to loop them. In particular, Safari sends
// an initial request for bytes 0-1 of the audio file, and things go south
// if we can't respond with a 206 Partial Content.
$range = $request->getHTTPHeader('range');
if ($range) {
$matches = null;
if (preg_match('/^bytes=(\\d+)-(\\d+)$/', $range, $matches)) {
// Note that the "Range" header specifies bytes differently than
// we do internally: the range 0-1 has 2 bytes (byte 0 and byte 1).
$begin = (int) $matches[1];
$end = (int) $matches[2] + 1;
$response->setHTTPResponseCode(206);
$response->setRange($begin, $end - 1);
}
} else {
if (isset($validated_token)) {
// We set this on the response, and the response deletes it after the
// transfer completes. This allows transfers to be resumed, in theory.
$response->setTemporaryFileToken($validated_token);
}
}
$is_viewable = $file->isViewableInBrowser();
$force_download = $request->getExists('download');
if ($is_viewable && !$force_download) {
$response->setMimeType($file->getViewableMimeType());
} else {
if (!$request->isHTTPPost() && !$alt_domain) {
// NOTE: Require POST to download files from the primary domain. We'd
// rather go full-bore and do a real CSRF check, but can't currently
// authenticate users on the file domain. This should blunt any
// attacks based on iframes, script tags, applet tags, etc., at least.
// Send the user to the "info" page if they're using some other method.
// This is marked as "external" because it is fully qualified.
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI(PhabricatorEnv::getProductionURI($file->getBestURI()));
}
$response->setMimeType($file->getMimeType());
$response->setDownload($file->getName());
}
$iterator = $file->getFileDataIterator($begin, $end);
$response->setContentLength($file->getByteSize());
$response->setContentIterator($iterator);
return $response;
}
public function handleRequest(AphrontRequest $request)
{
$viewer = $request->getViewer();
$this->phid = $request->getURIData('phid');
$this->key = $request->getURIData('key');
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$alt_uri = new PhutilURI($alt);
$alt_domain = $alt_uri->getDomain();
$req_domain = $request->getHost();
$main_domain = id(new PhutilURI($base_uri))->getDomain();
if (!strlen($alt) || $main_domain == $alt_domain) {
// No alternate domain.
$should_redirect = false;
$is_alternate_domain = false;
} else {
if ($req_domain != $alt_domain) {
// Alternate domain, but this request is on the main domain.
$should_redirect = true;
$is_alternate_domain = false;
} else {
// Alternate domain, and on the alternate domain.
$should_redirect = false;
$is_alternate_domain = true;
}
}
$response = $this->loadFile();
if ($response) {
return $response;
}
$file = $this->getFile();
if ($should_redirect) {
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI($file->getCDNURI());
}
$response = new AphrontFileResponse();
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
$response->setCanCDN($file->getCanCDN());
$begin = null;
$end = null;
// NOTE: It's important to accept "Range" requests when playing audio.
// If we don't, Safari has difficulty figuring out how long sounds are
// and glitches when trying to loop them. In particular, Safari sends
// an initial request for bytes 0-1 of the audio file, and things go south
// if we can't respond with a 206 Partial Content.
$range = $request->getHTTPHeader('range');
if ($range) {
$matches = null;
if (preg_match('/^bytes=(\\d+)-(\\d+)$/', $range, $matches)) {
// Note that the "Range" header specifies bytes differently than
// we do internally: the range 0-1 has 2 bytes (byte 0 and byte 1).
$begin = (int) $matches[1];
$end = (int) $matches[2] + 1;
$response->setHTTPResponseCode(206);
$response->setRange($begin, $end - 1);
}
}
$is_viewable = $file->isViewableInBrowser();
$force_download = $request->getExists('download');
$request_type = $request->getHTTPHeader('X-Phabricator-Request-Type');
$is_lfs = $request_type == 'git-lfs';
if ($is_viewable && !$force_download) {
$response->setMimeType($file->getViewableMimeType());
} else {
if (!$request->isHTTPPost() && !$is_alternate_domain && !$is_lfs) {
// NOTE: Require POST to download files from the primary domain. We'd
// rather go full-bore and do a real CSRF check, but can't currently
// authenticate users on the file domain. This should blunt any
// attacks based on iframes, script tags, applet tags, etc., at least.
// Send the user to the "info" page if they're using some other method.
// This is marked as "external" because it is fully qualified.
return id(new AphrontRedirectResponse())->setIsExternal(true)->setURI(PhabricatorEnv::getProductionURI($file->getBestURI()));
}
$response->setMimeType($file->getMimeType());
$response->setDownload($file->getName());
}
$iterator = $file->getFileDataIterator($begin, $end);
$response->setContentLength($file->getByteSize());
$response->setContentIterator($iterator);
return $response;
}
