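/**
 * Accepts a request URI only if it is non-blank, absolute ("/"-rooted), contains no
 * NUL byte and is not a path-traversal URI as judged by CHTTP::isPathTraversalUri().
 *
 * @param string $uri Raw request URI.
 * @return bool True when every check passes.
 */
protected static function isValidUri($uri)
{
    if (trim($uri) === '') {
        return false;
    }
    // A NUL byte can truncate the path seen by C-level/filesystem APIs. The previous
    // needle here was the empty string "", which is a no-op on PHP 7 (warning, false)
    // and matches every string on PHP 8 (strpos() returns 0), so every URI was rejected;
    // "\0" is most likely the intended needle.
    if (strpos($uri, "\0") !== false) {
        return false;
    }
    // Only absolute paths are routed; strpos() === 0 means the URI starts with "/".
    if (strpos($uri, '/') !== 0) {
        return false;
    }
    if (CHTTP::isPathTraversalUri($uri)) {
        return false;
    }
    return true;
}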
{ $url = $requestUri = $_SERVER["REQUEST_URI"] = $REQUEST_URI = ""; $_GET = array(); $_REQUEST = array(); $_SERVER["QUERY_STRING"] = $QUERY_STRING = ""; } $HTTP_GET_VARS = $_GET; $sUrlPath = GetPagePath(); $strNavQueryString = DeleteParam(array("SEF_APPLICATION_CUR_PAGE_URL")); if($strNavQueryString != "") $sUrlPath = $sUrlPath."?".$strNavQueryString; // define("POST_FORM_ACTION_URI", htmlspecialcharsbx("/bitrix/urlrewrite.php?SEF_APPLICATION_CUR_PAGE_URL=".urlencode($sUrlPath))); } if (!CHTTP::isPathTraversalUri($_SERVER["REQUEST_URI"])) { foreach($arUrlRewrite as $val) { if(preg_match($val["CONDITION"], $requestUri)) { if (strlen($val["RULE"]) > 0) $url = preg_replace($val["CONDITION"], (strlen($val["PATH"]) > 0 ? $val["PATH"]."?" : "").$val["RULE"], $requestUri); else $url = $val["PATH"]; if(($pos=strpos($url, "?"))!==false) { $params = substr($url, $pos+1); parse_str($params, $vars); unset($vars["SEF_APPLICATION_CUR_PAGE_URL"]);
/**
 * Resolves $var into a file array (CFile::MakeFileArray() shape) and assigns it to $file.
 *
 * Each accepted input kind is gated by an option so callers opt in explicitly:
 *  - an uploaded-file array, when $options['ENABLE_UPLOAD'] is truthy and self::IsUploadedFile() accepts it;
 *  - a numeric file id, when $options['ENABLE_ID'] is truthy;
 *  - a string path/URL, made absolute via CCrmUrlUtil::ToAbsoluteUrl() and accepted only if it is
 *    non-empty, not a path-traversal URI (CHTTP::isPathTraversalUri) and passes CCrmUrlUtil::IsSecureUrl().
 * Because is_numeric() is tested before is_string(), a numeric string such as "12" always takes the
 * id branch and is never treated as a path, even when ENABLE_ID is off.
 *
 * @param mixed      $var     Uploaded-file array, numeric file id, or path/URL string.
 * @param mixed     &$file    Receives the resolved file array (with MODULE_ID = 'crm') on success; untouched on failure.
 * @param array      $options Optional flags ENABLE_UPLOAD / ENABLE_ID; a non-array is treated as no options.
 * @return bool True when $file was assigned.
 */
public static function TryResolveFile($var, &$file, $options = array())
{
    if (!is_array($options)) {
        $options = array();
    }

    $resolved = null;
    if (is_array($var)) {
        // Upload arrays are accepted only when explicitly enabled and recognised as a real upload.
        if (!empty($options['ENABLE_UPLOAD']) && self::IsUploadedFile($var)) {
            $resolved = $var;
        }
    } elseif (is_numeric($var)) {
        // NOTE(review): is_numeric() also accepts float/exponent strings; no further id validation happens here.
        if (!empty($options['ENABLE_ID'])) {
            $resolved = CFile::MakeFileArray($var);
        }
    } elseif (is_string($var)) {
        $absolute = CCrmUrlUtil::ToAbsoluteUrl($var);
        // Parent-directory segments and non-secure URLs are rejected before the file is touched.
        $isAllowed = $absolute !== ''
            && !CHTTP::isPathTraversalUri($absolute)
            && CCrmUrlUtil::IsSecureUrl($absolute);
        if ($isAllowed) {
            $resolved = CFile::MakeFileArray($absolute);
        }
    }

    if (!is_array($resolved)) {
        return false;
    }

    $resolved['MODULE_ID'] = 'crm';
    $file = $resolved;
    return true;
}