public function markupImage(array $matches)
{
if (!$this->isFlatText($matches[0])) {
return $matches[0];
}
$args = array();
$defaults = array('uri' => null, 'alt' => null, 'href' => null, 'width' => null, 'height' => null);
$trimmed_match = trim($matches[2]);
if ($this->isURI($trimmed_match)) {
$args['uri'] = new PhutilURI($trimmed_match);
} else {
$parser = new PhutilSimpleOptions();
$keys = $parser->parse($trimmed_match);
$uri_key = '';
foreach (array('src', 'uri', 'url') as $key) {
if (array_key_exists($key, $keys)) {
$uri_key = $key;
}
}
if ($uri_key) {
$args['uri'] = new PhutilURI($keys[$uri_key]);
}
$args += $keys;
}
$args += $defaults;
if ($args['href'] && !PhabricatorEnv::isValidURIForLink($args['href'])) {
$args['href'] = null;
}
if ($args['uri']) {
$src_uri = id(new PhutilURI('/file/imageproxy/'))->setQueryParam('uri', (string) $args['uri']);
$img = $this->newTag('img', array('src' => $src_uri, 'alt' => $args['alt'], 'href' => $args['href'], 'width' => $args['width'], 'height' => $args['height']));
return $this->getEngine()->storeText($img);
} else {
return $matches[0];
}
}
private function renderFooter()
{
if (!$this->getShowChrome()) {
return null;
}
if (!$this->getShowFooter()) {
return null;
}
$items = PhabricatorEnv::getEnvConfig('ui.footer-items');
if (!$items) {
return null;
}
$foot = array();
foreach ($items as $item) {
$name = idx($item, 'name', pht('Unnamed Footer Item'));
$href = idx($item, 'href');
if (!PhabricatorEnv::isValidURIForLink($href)) {
$href = null;
}
if ($href !== null) {
$tag = 'a';
} else {
$tag = 'span';
}
$foot[] = phutil_tag($tag, array('href' => $href), $name);
}
$foot = phutil_implode_html(" · ", $foot);
return phutil_tag('div', array('class' => 'phabricator-standard-page-footer grouped'), $foot);
}
private function isValidLinkURI($uri)
{
return PhabricatorEnv::isValidURIForLink($uri);
}
/**
* Format a URI for use in a "Location:" header.
*
* Verifies that a URI redirects to the expected type of resource (local or
* remote) and formats it for use in a "Location:" header.
*
* The HTTP spec says "Location:" headers must use absolute URIs. Although
* browsers work with relative URIs, we return absolute URIs to avoid
* ambiguity. For example, Chrome interprets "Location: /\evil.com" to mean
* "perform a protocol-relative redirect to evil.com".
*
* @param string URI to redirect to.
* @param bool True if this URI identifies a remote resource.
* @return string URI for use in a "Location:" header.
*/
public static function getURIForRedirect($uri, $is_external)
{
$uri_object = new PhutilURI($uri);
if ($is_external) {
// If this is a remote resource it must have a domain set. This
// would also be caught below, but testing for it explicitly first allows
// us to raise a better error message.
if (!strlen($uri_object->getDomain())) {
throw new Exception(pht('Refusing to redirect to external URI "%s". This URI ' . 'is not fully qualified, and is missing a domain name. To ' . 'redirect to a local resource, remove the external flag.', (string) $uri));
}
// Check that it's a valid remote resource.
if (!PhabricatorEnv::isValidURIForLink($uri)) {
throw new Exception(pht('Refusing to redirect to external URI "%s". This URI ' . 'is not a valid remote web resource.', (string) $uri));
}
} else {
// If this is a local resource, it must not have a domain set. This allows
// us to raise a better error message than the check below can.
if (strlen($uri_object->getDomain())) {
throw new Exception(pht('Refusing to redirect to local resource "%s". The URI has a ' . 'domain, but the redirect is not marked external. Mark ' . 'redirects as external to allow redirection off the local ' . 'domain.', (string) $uri));
}
// If this is a local resource, it must be a valid local resource.
if (!PhabricatorEnv::isValidLocalURIForLink($uri)) {
throw new Exception(pht('Refusing to redirect to local resource "%s". This URI is not ' . 'formatted in a recognizable way.', (string) $uri));
}
// Fully qualify the result URI.
$uri = PhabricatorEnv::getURI((string) $uri);
}
return (string) $uri;
}
