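 /**
  * Build the URL the browser is sent back to after the current action.
  *
  * The base $url is split with parse_url() and reassembled piece by piece.
  * A host-less $url is prefixed with the plain-HTTP default domain only when
  * the request came over SSL and shouldRedirectToHTTP() says so; otherwise it
  * stays relative. When the request carries a non-empty 'return_to'
  * parameter it is appended as a query parameter, but only if
  * URLVerification::isInternal() accepts it; an external value is replaced
  * by '/' so the platform never redirects off-site (CWE-601, open redirect).
  * The accepted value is appended verbatim (not URL-encoded), as before.
  *
  * @param HTTPRequest $request
  * @param string      $url     base URL to return to (absolute or path-only)
  *
  * @return string
  */
 public function makeReturnToUrl(HTTPRequest $request, $url)
 {
     $url_parts = parse_url($url);
     if ($url_parts === false) {
         // parse_url() returns false on a seriously malformed URL; treat it as
         // "no usable parts" rather than handing false to the array checks below.
         $url_parts = array();
     }

     $server_url = '';
     if (! empty($url_parts['host'])) {
         // A scheme-relative URL such as "//host/path" has a host but no scheme.
         $scheme     = isset($url_parts['scheme']) ? $url_parts['scheme'] : '';
         $server_url = $scheme . '://' . $url_parts['host'];
         if (! empty($url_parts['port'])) {
             $server_url .= ':' . $url_parts['port'];
         }
     } elseif ($request->isSSL() && $this->shouldRedirectToHTTP($request)) {
         $server_url = 'http://' . $GLOBALS['sys_default_domain'];
     }

     $final_url = $server_url;
     if (! empty($url_parts['path'])) {
         $final_url .= $url_parts['path'];
     }

     $query = empty($url_parts['query']) ? '' : $url_parts['query'];
     if ($request->existAndNonEmpty('return_to')) {
         $return_to = $request->get('return_to');
         /*
          * We do not want redirect to an external website
          * @see https://cwe.mitre.org/data/definitions/601.html
          */
         $url_verifier        = new URLVerification();
         $return_to_parameter = 'return_to=' . ($url_verifier->isInternal($return_to) ? $return_to : '/');

         $final_url .= '?' . ($query === '' ? '' : $query . '&') . $return_to_parameter;
         // Printer-version flag of the original page is carried over.
         if (strpos($return_to, 'pv=2') !== false) {
             $final_url .= '&pv=2';
         }
     } elseif ($query !== '') {
         $final_url .= '?' . $query;
     }

     if (! empty($url_parts['fragment'])) {
         $final_url .= '#' . $url_parts['fragment'];
     }

     return $final_url;
 }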
 /**
  * Tell whether $user may access $project.
  *
  * A user allowed to administrate every tracker of the platform is let in
  * unconditionally; anybody else goes through the parent check, which
  * signals a denial with one of the exceptions listed below.
  *
  * @param PFUser  $user
  * @param Project $project
  *
  * @return bool true when access is granted
  *
  * @throws Project_AccessProjectNotFoundException
  * @throws Project_AccessDeletedException
  * @throws Project_AccessRestrictedException
  * @throws Project_AccessPrivateException
  */
 public function userCanAccessProject(PFUser $user, Project $project)
 {
     $is_tracker_super_admin = (new TrackerManager())->userCanAdminAllProjectTrackers($user);
     if ($is_tracker_super_admin) {
         return true;
     }

     return parent::userCanAccessProject($user, $project);
 }
 /**
  * Checks whether the URL is valid and raises an error if it is not.
  *
  * The request is handled by this class only when both conditions hold:
  * - the requested host is the configured WebDAV host;
  * - that WebDAV host differs from the default hosts (sys_default_domain
  *   and sys_https_host).
  *
  * The second condition keeps the WebDAV URL checker from overriding the
  * default checker for the web part: if sys_default_domain is example.com
  * and the WebDAV host is example.com too, requests such as
  * example.com/tracker/... must still go through the default checker.
  *
  * In the WebDAV case the only rule enforced is sys_force_ssl: a non-SSL
  * request is refused with forbiddenError(). Every other request is
  * delegated to the parent.
  *
  * @see URLVerification#assertValidUrl($server)
  *
  * @param array $server
  *
  * @return void
  */
 public function assertValidUrl($server)
 {
     $webdav_host = $this->getWebDAVHost();

     if (strcmp($server['HTTP_HOST'], $webdav_host) != 0) {
         parent::assertValidUrl($server);
         return;
     }

     $webdav_host_is_a_default_host = strcmp($webdav_host, $GLOBALS['sys_default_domain']) == 0
         || strcmp($webdav_host, $GLOBALS['sys_https_host']) == 0;
     if ($webdav_host_is_a_default_host) {
         parent::assertValidUrl($server);
         return;
     }

     if (! $this->isUsingSSL($server) && $GLOBALS['sys_force_ssl'] == 1) {
         $this->forbiddenError();
     }
 }
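 /**
  * Get a project repository by its id, making sure $user is allowed to see it.
  *
  * The gitolite admin pseudo-repository is returned without further checks.
  * For any other id the repository must exist, $user must be allowed to
  * access its project (URLVerification::userCanAccessProject) and must be
  * allowed to read the repository itself.
  *
  * @param PFUser $user
  * @param int    $id   repository id (may arrive as a numeric string)
  *
  * @return GitRepository
  *
  * @throws GitRepoNotFoundException    when no repository matches $id
  * @throws GitRepoNotReadableException when $user cannot read the repository
  * @throws Exception                   whatever userCanAccessProject() throws when project access is denied
  */
 public function getRepositoryByIdUserCanSee(PFUser $user, $id)
 {
     // Loose comparison kept on purpose: $id may be a string coming from the request.
     if ($id == GitRepositoryGitoliteAdmin::ID) {
         return new GitRepositoryGitoliteAdmin();
     }

     $repository = $this->getRepositoryFromDar($this->dao->searchProjectRepositoryById($id));
     if ($repository === null) {
         throw new GitRepoNotFoundException();
     }

     // Project-level access check: it throws on denial and the exception is
     // deliberately left to propagate (the former catch-and-rethrow was a no-op).
     $url_verification = new URLVerification();
     $url_verification->userCanAccessProject($user, $repository->getProject());

     if (! $repository->userCanRead($user)) {
         throw new GitRepoNotReadableException();
     }

     return $repository;
 }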
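 /**
  * Turn a raw ElasticSearch response into result objects the current user may see.
  *
  * A hit is dropped when its project cannot be loaded, when the current user
  * cannot access the project (Project_AccessPrivateException), when the hit
  * fails validation for its index type, when the index type is unknown, or
  * when the wiki / artifact behind it denies the user.
  *
  * @param array $result decoded ElasticSearch response ('hits' => 'hits' => ...)
  *
  * @return array list of ElasticSearch_SearchResultDocman|ElasticSearch_SearchResultWiki|ElasticSearch_SearchResultTracker
  */
 public function getSearchResults(array $result)
 {
     $results = array();
     if (! isset($result['hits']['hits'])) {
         return $results;
     }

     $validator = new ElasticSearch_1_2_ResultValidator();
     $user      = $this->user_manager->getCurrentUser();

     foreach ($result['hits']['hits'] as $hit) {
         $project = $this->project_manager->getProject($this->extractGroupIdFromHit($hit));
         if ($project->isError()) {
             continue;
         }
         try {
             $this->url_verification->userCanAccessProject($user, $project);
         } catch (Project_AccessPrivateException $exception) {
             continue;
         }

         switch ($this->extractIndexFromHit($hit)) {
             case fulltextsearchPlugin::SEARCH_DOCMAN_TYPE:
                 if (! $validator->isDocmanResultValid($hit)) {
                     // A bare "continue" inside a switch only leaves the switch
                     // (and is a compile warning since PHP 7.3); target the foreach.
                     continue 2;
                 }
                 $results[] = new ElasticSearch_SearchResultDocman($hit, $project);
                 break;
             case fulltextsearchPlugin::SEARCH_WIKI_TYPE:
                 if (! $validator->isWikiResultValid($hit)) {
                     continue 2;
                 }
                 $wiki = new Wiki($project->getID());
                 if ($wiki->isAutorized($user->getId())) {
                     $results[] = new ElasticSearch_SearchResultWiki($hit, $project);
                 }
                 break;
             case fulltextsearchPlugin::SEARCH_TRACKER_TYPE:
                 if (! $validator->isArtifactResultValid($hit)) {
                     continue 2;
                 }
                 $artifact = Tracker_ArtifactFactory::instance()->getArtifactById($hit['fields']['id'][0]);
                 // NOTE(review): presumably getArtifactById() yields null for an id that
                 // no longer exists (stale index entry) — skip it rather than fail.
                 if ($artifact !== null && $artifact->userCanView($user)) {
                     $results[] = new ElasticSearch_SearchResultTracker($hit, $project, $artifact);
                 }
                 break;
             default:
                 // Unknown index type: the hit is ignored.
         }
     }

     return $results;
 }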
 /**
  * Delegate the restricted-user URL check to the parent implementation.
  *
  * Explicit override that adds no rule of its own: the decision is entirely
  * the parent's.
  *
  * @param mixed  $user        user being checked
  * @param string $url
  * @param string $request_uri
  * @param string $script_name
  *
  * @return mixed whatever the parent check returns
  */
 public function restrictedUserCanAccessUrl($user, $url, $request_uri, $script_name)
 {
     $parent_decision = parent::restrictedUserCanAccessUrl($user, $url, $request_uri, $script_name);

     return $parent_decision;
 }
 /**
  * With sys_force_ssl set to 1, a request for a host that is neither the
  * default domain nor the https host must be rewritten to the https host.
  */
 function testVerifyHostInvalidHostForceSslEquals1()
 {
     $GLOBALS['sys_force_ssl']      = 1;
     $GLOBALS['sys_default_domain'] = 'codendi.org';
     $GLOBALS['sys_https_host']     = 'secure.codendi.org';

     $server = array(
         'HTTP_HOST'   => 'test.codendi.org',
         'SERVER_NAME' => 'test.codendi.org',
         'HTTPS'       => 'on',
         'SCRIPT_NAME' => '',
     );

     $url_verification = new URLVerification();
     $url_verification->verifyHost($server);

     $url_chunks = $url_verification->getUrlChunks();
     $this->assertEqual($url_chunks['host'], 'secure.codendi.org');
 }
 /**
  * Tell whether the request for $repository at $url must be authenticated.
  *
  * Authentication is required as soon as one of these holds, checked in this
  * order: the platform requires login globally, the request is a push, the
  * repository cannot be read anonymously, or it lives in a private project.
  *
  * @return bool
  */
 private function needAuthentication(GitRepository $repository, Git_URL $url)
 {
     if ($this->url_verification->doesPlatformRequireLogin()) {
         return true;
     }
     if ($this->isGitPush($url)) {
         return true;
     }
     if (! $this->canBeReadByAnonymous($repository)) {
         return true;
     }

     return (bool) $this->isInPrivateProject($repository);
 }
 /**
  * Always permit requests for localhost, or for api or soap scripts and for system tracker templates
  *
  * On top of the parent exceptions, an AJAX request for the default tracker
  * templates (group_id=100) is let through. The comparison is made on the
  * whole REQUEST_URI string, so only that exact URI (query string included)
  * is exempted.
  *
  * @param array $server
  *
  * @return bool
  */
 function isException($server)
 {
     $default_templates_uri  = TRACKER_BASE_URL . '/index.php?group_id=100';
     $wants_default_templates = $server['REQUEST_URI'] == $default_templates_uri
         && HTTPRequest::instance()->isAjax();

     if ($wants_default_templates) {
         return true;
     }

     return (bool) parent::isException($server);
 }
 /**
  * Collect the e-mail addresses (and user ids) to notify about a change of this page.
  *
  * $notify maps a page glob to the users watching it. For every glob matching
  * $this->_pagename, a watcher is kept only when the platform user exists
  * (UserManager), can access the project (URLVerification) and is authorized
  * on both the wiki and the page. Addresses always come from
  * user_getemail_from_unix($userid), never from the watcher entry itself.
  * When the watcher entry carries prefs, the 'verified' flag is consulted and,
  * once emailVerified is confirmed, written back into the 'notify' DB entry.
  *
  * @param array $notify page glob => (userid => prefs array, or empty for ModeratePage entries)
  *
  * @return array array($emails, $userids), both de-duplicated
  */
 function getPageChangeEmails($notify)
 {
     $emails = array();
     $userids = array();
     foreach ($notify as $page => $users) {
         if (glob_match($page, $this->_pagename)) {
             foreach ($users as $userid => $user) {
                 $um = UserManager::instance();
                 $dbUser = $um->getUserByUserName($userid);
                 // group_id / pagename are read straight from $_REQUEST here;
                 // presumably validated by the wiki entry point — confirm.
                 // NOTE(review): these objects do not depend on $userid and
                 // could be built once outside the loops.
                 $wiki = new Wiki($_REQUEST['group_id']);
                 $wp = new WikiPage($_REQUEST['group_id'], $_REQUEST['pagename']);
                 $project = ProjectManager::instance()->getProject($_REQUEST['group_id']);
                 $url_verifier = new URLVerification();
                 $user_can_access_project = false;
                 try {
                     // Unknown user (null) is treated as "no access" without calling the verifier.
                     $user_can_access_project = $dbUser !== null && $url_verifier->userCanAccessProject($dbUser, $project);
                 } catch (Project_AccessException $e) {
                     // Access denied by the project check: skip this watcher; other exceptions propagate.
                     continue;
                 }
                 if ($user_can_access_project && $wiki->isAutorized($dbUser->getId()) && $wp->isAutorized($dbUser->getId())) {
                     if (!$user) {
                         // handle the case for ModeratePage: no prefs, just userid's.
                         // NOTE(review): $prefs is computed in this branch but never read;
                         // the user is notified regardless of verification.
                         global $request;
                         $u = $request->getUser();
                         if ($u->UserName() == $userid) {
                             $prefs = $u->getPreferences();
                         } else {
                             // not current user
                             if (ENABLE_USER_NEW) {
                                 $u = WikiUser($userid);
                                 $u->getPreferences();
                                 $prefs =& $u->_prefs;
                             } else {
                                 $u = new WikiUser($GLOBALS['request'], $userid);
                                 $prefs = $u->getPreferences();
                             }
                         }
                         $emails[] = user_getemail_from_unix($userid);
                         $userids[] = $userid;
                     } else {
                         // Already verified watcher with an address on file: notify directly.
                         if (!empty($user['verified']) and !empty($user['email'])) {
                             $emails[] = user_getemail_from_unix($userid);
                             $userids[] = $userid;
                         } elseif (!empty($user['email'])) {
                             global $request;
                             // do a dynamic emailVerified check update
                             $u = $request->getUser();
                             if ($u->UserName() == $userid) {
                                 // Current user: trust the live preference and cache it in 'notify'.
                                 if ($request->_prefs->get('emailVerified')) {
                                     $emails[] = user_getemail_from_unix($userid);
                                     $userids[] = $userid;
                                     $notify[$page][$userid]['verified'] = 1;
                                     $request->_dbi->set('notify', $notify);
                                 }
                             } else {
                                 // not current user
                                 if (ENABLE_USER_NEW) {
                                     $u = WikiUser($userid);
                                     $u->getPreferences();
                                     $prefs =& $u->_prefs;
                                 } else {
                                     $u = new WikiUser($GLOBALS['request'], $userid);
                                     $prefs = $u->getPreferences();
                                 }
                                 // Same verification / write-back as above, from the watcher's own prefs.
                                 if ($prefs->get('emailVerified')) {
                                     $emails[] = user_getemail_from_unix($userid);
                                     $userids[] = $userid;
                                     $notify[$page][$userid]['verified'] = 1;
                                     $request->_dbi->set('notify', $notify);
                                 }
                             }
                             // ignore verification
                             /*
                             if (DEBUG) {
                                 if (!in_array($user['email'],$emails))
                                     $emails[] = $user['email'];
                             }
                             */
                         }
                     }
                 }
             }
         }
     }
     $emails = array_unique($emails);
     $userids = array_unique($userids);
     return array($emails, $userids);
 }
require 'pre.php';

// 'pv' (printer version) is honoured only when it validates and equals 2;
// $pv is kept for the rest of the script.
$hp  = Codendi_HTMLPurifier::instance();
$vPv = new Valid_Pv();
$pv  = ($request->valid($vPv) && $request->get('pv') == 2) ? 2 : 0;
if ($pv === 2) {
    $HTML->pv_header(array());
} else {
    site_header(array('title' => $Language->getText('my_redirect', 'page_title')));
}

// 'return_to' must be present and a valid string before it is used below.
$vReturnTo = new Valid_String('return_to');
$vReturnTo->required();
if ($request->valid($vReturnTo)) {
    // Re-serialize feedback to display it on the 'return_to' page.
    $HTML->_serializeFeedback();
    $url_verifier = new URLVerification();
    $return_url = '/';
    if ($url_verifier->isInternal($request->get('return_to'))) {
        $return_url = $request->get('return_to');
    }
    $redirect = $Language->getText('my_redirect', 'return_to', array($hp->purify($return_url, CODENDI_PURIFIER_CONVERT_HTML)));
    print '
<script type="text/javascript">
function return_to_url() {
  window.location="' . $hp->purify($return_url, CODENDI_PURIFIER_JS_QUOTE) . '";
}

setTimeout("return_to_url()",1000);
</script>
';
} else {