Exemple #1
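 /**
  * Decides whether $uri is acceptable as a site-local URI.
  *
  * A value is rejected when it is blank, contains a NUL byte, does not start
  * with "/", or is flagged by CHTTP::isPathTraversalUri().
  *
  * @param string $uri Candidate URI.
  * @return bool True only when every check passes.
  */
 protected static function isValidUri($uri)
 {
     // Blank or whitespace-only input is never a usable URI.
     if (trim($uri) === '') {
         return false;
     }
     // Reject embedded NUL bytes. An empty needle here would be a no-op
     // (warning, returns false) before PHP 8 and would match at offset 0 on
     // PHP 8+, rejecting every URI. NUL is presumably the intended needle;
     // confirm against the upstream source.
     if (strpos($uri, "\0") !== false) {
         return false;
     }
     // Only paths anchored at the site root are accepted.
     // NOTE(review): a protocol-relative reference ("//host/...") also starts
     // with "/" and passes this test. If callers use the value as a redirect
     // target, confirm that case is handled before the value is used.
     if (strpos($uri, '/') !== 0) {
         return false;
     }
     // Delegate the parent-directory check to the shared helper.
     if (CHTTP::isPathTraversalUri($uri)) {
         return false;
     }
     return true;
 }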
Exemple #2
	{
		// Tail of a branch whose condition is outside this excerpt: it blanks the
		// rewrite target, both copies of the request URI, and the GET / REQUEST /
		// query-string state in one go.
		$url = $requestUri = $_SERVER["REQUEST_URI"] = $REQUEST_URI = "";
		$_GET = array();
		$_REQUEST = array();
		$_SERVER["QUERY_STRING"] = $QUERY_STRING = "";
	}

	// Mirror $_GET into the legacy $HTTP_GET_VARS variable.
	$HTTP_GET_VARS = $_GET;
	// Rebuild the current page URL. DeleteParam() presumably returns the query
	// string without SEF_APPLICATION_CUR_PAGE_URL; verify against its definition.
	$sUrlPath = GetPagePath();
	$strNavQueryString = DeleteParam(array("SEF_APPLICATION_CUR_PAGE_URL"));
	if($strNavQueryString != "")
		$sUrlPath = $sUrlPath."?".$strNavQueryString;
	// define("POST_FORM_ACTION_URI", htmlspecialcharsbx("/bitrix/urlrewrite.php?SEF_APPLICATION_CUR_PAGE_URL=".urlencode($sUrlPath)));
}

// Rewrite rules are applied only when the raw request URI is not flagged as a
// path-traversal attempt.
// NOTE(review): the guard inspects $_SERVER["REQUEST_URI"], while the rules
// below are matched against $requestUri. How $requestUri is derived is not
// visible in this excerpt; confirm that no decoding or normalisation step
// between the two can reintroduce ".." segments after this check has passed.
if (!CHTTP::isPathTraversalUri($_SERVER["REQUEST_URI"]))
{
	foreach($arUrlRewrite as $val)
	{
		// CONDITION is used as a PCRE pattern against the request URI.
		if(preg_match($val["CONDITION"], $requestUri))
		{
			// With a RULE, build the target as "PATH?RULE" (or just RULE when PATH
			// is empty), substituting capture groups from CONDITION.
			// Without a RULE, the target is PATH as-is.
			if (strlen($val["RULE"]) > 0)
				$url = preg_replace($val["CONDITION"], (strlen($val["PATH"]) > 0 ? $val["PATH"]."?" : "").$val["RULE"], $requestUri);
			else
				$url = $val["PATH"];

			// If the rewritten target carries a query string, parse it into $vars.
			if(($pos=strpos($url, "?"))!==false)
			{
				$params = substr($url, $pos+1);
				// The two-argument form writes into $vars rather than the current scope.
				parse_str($params, $vars);
				// Drop the internal SEF parameter from the parsed query values.
				unset($vars["SEF_APPLICATION_CUR_PAGE_URL"]);
Exemple #3
 /**
  * Tries to turn $var into a file array and hands it back through $file.
  *
  * Accepted inputs, each gated separately:
  *  - array: used as-is only when ENABLE_UPLOAD is truthy and
  *    self::IsUploadedFile() accepts it;
  *  - numeric value: passed to CFile::MakeFileArray() only when ENABLE_ID
  *    is truthy (numeric strings take this branch, not the path branch);
  *  - other string: made absolute via CCrmUrlUtil::ToAbsoluteUrl(), then
  *    used only if it is non-empty, not flagged by
  *    CHTTP::isPathTraversalUri(), and accepted by CCrmUrlUtil::IsSecureUrl().
  *
  * @param mixed $var     Upload array, file ID, or path/URL string.
  * @param mixed $file    Receives the file array (tagged MODULE_ID = 'crm');
  *                       left untouched on failure.
  * @param array $options Flags: ENABLE_UPLOAD, ENABLE_ID. Non-array values are
  *                       treated as an empty option set.
  * @return bool True when a file array was produced, false otherwise.
  */
 public static function TryResolveFile($var, &$file, $options = array())
 {
     $options = is_array($options) ? $options : array();
     $allowUpload = !empty($options['ENABLE_UPLOAD']);
     $allowId = !empty($options['ENABLE_ID']);

     $resolved = null;
     if (is_array($var)) {
         if ($allowUpload && self::IsUploadedFile($var)) {
             $resolved = $var;
         }
     } elseif (is_numeric($var)) {
         if ($allowId) {
             $resolved = CFile::MakeFileArray($var);
         }
     } elseif (is_string($var)) {
         $absolute = CCrmUrlUtil::ToAbsoluteUrl($var);
         // Parent-directory references and non-secure URLs are refused; the
         // checks run in this order and stop at the first failure.
         $acceptable = $absolute !== ''
             && !CHTTP::isPathTraversalUri($absolute)
             && CCrmUrlUtil::IsSecureUrl($absolute);
         if ($acceptable) {
             $resolved = CFile::MakeFileArray($absolute);
         }
     }

     // Anything other than an array means no branch produced a file.
     if (!is_array($resolved)) {
         return false;
     }

     $resolved['MODULE_ID'] = 'crm';
     $file = $resolved;
     return true;
 }