/**
 * Exercise PhabricatorEnv::isValidRemoteURIForLink() with a mix of
 * linkable and non-linkable URIs.
 *
 * An unknown scheme and a "javascript:" URI must be rejected, while plain
 * "http://" URIs are accepted even for loopback and link-local hosts: this
 * check decides what is safe to put in an "href", not whether the host is
 * safe for the server to fetch.
 */
public function testRemoteURIForLink() {
  $cases = array(
    array('http://example.com/', true),
    array('derp://example.com/', false),
    array('javascript:alert(1)', false),
    array('http://127.0.0.1/', true),
    array('http://169.254.169.254/latest/meta-data/hostname', true),
  );

  foreach ($cases as $case) {
    list($uri, $expect) = $case;
    $actual = PhabricatorEnv::isValidRemoteURIForLink($uri);
    $this->assertEqual(
      $expect,
      $actual,
      pht('Valid linkable remote URI: %s', $uri));
  }
}
/**
 * Render a navigation sequence ("Foo > Bar > Baz") as a chain of tags.
 *
 * Each ">"-separated element is either a bare name or a list of key=value
 * options (name, type, href, icon) parsed by PhutilSimpleOptions, with
 * missing keys filled from defaults. In text mode the names are simply
 * joined with " > ". Otherwise every element becomes a PHUITagView: an icon
 * is applied only when it is a known "fa-" icon, and an href is attached
 * only when it passes the remote link check, so e.g. "javascript:" URIs
 * never end up in an anchor.
 *
 * @param array $matches Regex matches; [0] is the full match and [1] the
 *   raw element list.
 * @return wild Stored text token for the rendered sequence, or the raw
 *   match when it is not flat text.
 */
public function markupNavigation(array $matches) {
  if (!$this->isFlatText($matches[0])) {
    return $matches[0];
  }

  $raw_elements = explode('>', ltrim($matches[1], ", \n"));

  $defaults = array(
    'name' => null,
    'type' => 'link',
    'href' => null,
    'icon' => null,
  );

  $parser = new PhutilSimpleOptions();
  $items = array();
  foreach ($raw_elements as $raw_element) {
    // A bare element is just a name; anything containing "=" is parsed as
    // an option list.
    if (strpos($raw_element, '=') === false) {
      $parsed = array('name' => trim($raw_element));
    } else {
      $parsed = $parser->parse($raw_element);
    }
    $items[] = $parsed + $defaults;
  }

  if ($this->getEngine()->isTextMode()) {
    return implode(' > ', ipull($items, 'name'));
  }

  // The set of known icon names is cached across calls; an icon option is
  // honored only when it names one of these.
  static $known_icons;
  if (!$known_icons) {
    $known_icons = array_fuse(PHUIIconView::getIcons());
  }

  $tags = array();
  foreach ($items as $item) {
    $is_instructions = ($item['type'] == 'instructions');

    $label = $item['name'];
    $shade = PHUITagView::COLOR_GREY;
    if ($is_instructions) {
      $label = phutil_tag('em', array(), $label);
      $shade = PHUITagView::COLOR_INDIGO;
    }

    $tag = id(new PHUITagView())
      ->setType(PHUITagView::TYPE_SHADE)
      ->setShade($shade)
      ->setName($label);

    if ($item['icon']) {
      $icon = 'fa-'.$item['icon'];
      if (isset($known_icons[$icon])) {
        $tag->setIcon($icon);
      }
    }

    // Only attach an href when the URI passes the remote link check; a
    // rejected URI is silently dropped rather than rendered as a link.
    $href = $item['href'];
    if ($href !== null && PhabricatorEnv::isValidRemoteURIForLink($href)) {
      $tag->setHref($href);
      $tag->setExternal(true);
    }

    $tags[] = $tag;
  }

  // HTML mail has no stylesheet, so the arrow color is inlined there.
  $is_mail = $this->getEngine()->isHTMLMailMode();
  $arrow_attrs = $is_mail
    ? array('style' => 'color: #92969D;')
    : array('class' => 'remarkup-nav-sequence-arrow');
  $nav_attrs = $is_mail
    ? array()
    : array('class' => 'remarkup-nav-sequence');

  $arrow = phutil_tag('span', $arrow_attrs, " → ");
  $rendered = phutil_tag(
    'span',
    $nav_attrs,
    phutil_implode_html($arrow, $tags));

  return $this->getEngine()->storeText($rendered);
}
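/**
 * Render this field's value for a property view.
 *
 * @param array $handles Object handles passed to every field renderer;
 *   unused here.
 * @return wild Null when the field is empty; the raw value (to be rendered
 *   as text by the caller) when it is not a linkable remote URI; otherwise
 *   an anchor tag pointing at the value.
 */
public function renderPropertyViewValue(array $handles) {
  $value = $this->getFieldValue();

  // An unset field may come back as null; test for that explicitly instead
  // of relying on strlen(null), which PHP 8.1 deprecates.
  if ($value === null || !strlen($value)) {
    return null;
  }

  // Only turn the value into an anchor when it passes the remote link check
  // (which rejects "javascript:" and unknown schemes). Anything else is
  // returned as plain text and never placed in an href.
  if (!PhabricatorEnv::isValidRemoteURIForLink($value)) {
    return $value;
  }

  // NOTE(review): relies on phutil_tag to handle the "rel" attribute for a
  // target="_blank" link — confirm.
  return phutil_tag(
    'a',
    array(
      'href' => $value,
      'target' => '_blank',
    ),
    $value);
}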
/**
 * Render an external account as a card: the best available name, the
 * provider label with the account ID, the account URI (linked only when it
 * passes the remote link check) and the profile image.
 *
 * @return wild Rendered "div.auth-account-view" tag.
 */
public function render() {
  $account = $this->externalAccount;
  $provider = $this->provider;

  require_celerity_resource('auth-css');

  $display_name = $account->getDisplayName();
  $username = $account->getUsername();
  $real_name = $account->getRealName();

  // Pick the most descriptive name on offer, falling back to the raw
  // account ID when the provider gave us nothing human-readable.
  if (strlen($display_name)) {
    $shown_name = $display_name;
  } else if (strlen($username) && strlen($real_name)) {
    $shown_name = $username.' ('.$real_name.')';
  } else if (strlen($username)) {
    $shown_name = $username;
  } else if (strlen($real_name)) {
    $shown_name = $real_name;
  } else {
    $shown_name = $account->getAccountID();
  }

  $rows = array();
  $rows[] = phutil_tag(
    'div',
    array('class' => 'auth-account-view-name'),
    $shown_name);

  if ($provider) {
    $provider_label = pht('%s Account', $provider->getProviderName());
  } else {
    $provider_label = pht('"%s" Account', $account->getProviderType());
  }

  $rows[] = phutil_tag(
    'div',
    array('class' => 'auth-account-view-provider-name'),
    array($provider_label, " · ", $account->getAccountID()));

  $account_uri = $account->getAccountURI();
  if (strlen($account_uri)) {
    // Only wrap the URI in an anchor when it is safe to link. A
    // "javascript:" URI (or anything else the check rejects) that somehow
    // reached this field is shown as plain text instead.
    $uri_display = $account_uri;
    if (PhabricatorEnv::isValidRemoteURIForLink($account_uri)) {
      $uri_display = phutil_tag(
        'a',
        array('href' => $account_uri, 'target' => '_blank'),
        $account_uri);
    }
    $rows[] = phutil_tag(
      'div',
      array('class' => 'auth-account-view-account-uri'),
      $uri_display);
  }

  $image_file = $account->getProfileImageFile();
  $transform = PhabricatorFileTransform::getTransformByKey(
    PhabricatorFileThumbnailTransform::TRANSFORM_PROFILE);
  $image_uri = $image_file->getURIForTransform($transform);

  // The transformed dimensions are computed but not used by this view.
  list($width, $height) = $transform->getTransformedDimensions($image_file);

  // NOTE(review): $image_uri is spliced into a style attribute; this assumes
  // getURIForTransform() yields a server-generated URI — confirm.
  $profile_image = phutil_tag(
    'div',
    array(
      'class' => 'auth-account-view-profile-image',
      'style' => 'background-image: url('.$image_uri.');',
    ));

  return phutil_tag(
    'div',
    array('class' => 'auth-account-view'),
    array($profile_image, $rows));
}
/**
 * Add the ICS source URI to the import's property list.
 *
 * The URI may contain a secret hash, so it is only revealed to viewers who
 * can edit the import; everyone else sees a "Restricted" placeholder. When
 * it is shown, it is linked only if it passes the remote link check and is
 * otherwise rendered as plain text.
 */
public function appendImportProperties(
  PhabricatorUser $viewer,
  PhabricatorCalendarImport $import,
  PHUIPropertyListView $properties) {

  $uri = $import->getParameter(
    PhabricatorCalendarImportICSURITransaction::PARAMKEY_URI);

  $can_edit = PhabricatorPolicyFilter::hasCapability(
    $viewer,
    $import,
    PhabricatorPolicyCapability::CAN_EDIT);

  if (!$can_edit) {
    $display = phutil_tag('em', array(), pht('Restricted'));
  } else if (PhabricatorEnv::isValidRemoteURIForLink($uri)) {
    $display = phutil_tag(
      'a',
      array('href' => $uri, 'target' => '_blank'),
      $uri);
  } else {
    // Not safe to link: show the value as text only.
    $display = $uri;
  }

  $properties->addProperty(pht('Source URI'), $display);
}
/**
 * Check whether a client-supplied redirect URI is acceptable.
 *
 * See RFC 6749 section 3.1.2 (the successor of
 * draft-ietf-oauth-v2-23, http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2)
 * for what makes a redirect URI "valid": it must be an absolute URI and
 * must not carry a fragment. In addition, the URI has to pass the remote
 * link check, which rejects non-linkable schemes such as "javascript:".
 *
 * @param PhutilURI $uri Parsed redirect URI.
 * @return bool True when the URI is linkable, has a domain and has no
 *   fragment; false otherwise.
 */
public function validateRedirectURI(PhutilURI $uri) {
  // Evaluated left to right; the cheaper structural checks only run once
  // the URI has passed the link check.
  return
    PhabricatorEnv::isValidRemoteURIForLink($uri) &&
    !$uri->getFragment() &&
    (bool)$uri->getDomain();
}
/**
 * Build the "Event Properties" box for a GitHub event item.
 *
 * The event URI is linked only when it passes the remote link check and is
 * listed as plain text otherwise; when the event has no URI the property is
 * omitted entirely.
 *
 * @param wild $item Item whose raw event is loaded via newRawEvent().
 * @return PHUIObjectBoxView
 */
private function newGitHubEventItemPropertyBox($item) {
  $viewer = $this->getViewer();

  $properties = id(new PHUIPropertyListView())
    ->setViewer($viewer);

  $event = $this->newRawEvent($item);
  $properties->addProperty(pht('GitHub Event ID'), $event->getID());

  $uri = $event->getURI();
  if ($uri) {
    $uri_display = $uri;
    if (PhabricatorEnv::isValidRemoteURIForLink($uri)) {
      $uri_display = phutil_tag('a', array('href' => $uri), $uri);
    }
    $properties->addProperty(pht('GitHub Event URI'), $uri_display);
  }

  return id(new PHUIObjectBoxView())
    ->setHeaderText(pht('Event Properties'))
    ->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
    ->appendChild($properties);
}