/**
 * Rewrite one matched image rule into an `<img>` tag served through the
 * local image proxy.
 *
 * The rule body (`$matches[2]`) is either a bare URI or a simple option
 * list. In an option list the image location may be given as `src`, `uri`
 * or `url`; when several are present, `url` takes precedence over `uri`,
 * which takes precedence over `src`.
 *
 * Only `src`, `alt`, `href`, `width` and `height` are handed to the tag
 * builder, so any other option key written in the markup is never emitted
 * as an attribute.
 *
 * @param array Regex match groups; index 0 is the full match and index 2 is
 *   the rule body.
 * @return mixed Whatever the engine's `storeText()` returns for the rendered
 *   tag, or the original matched text when `isFlatText()` rejects the match
 *   or no image URI could be determined.
 */
public function markupImage(array $matches) {
  $original = $matches[0];
  if (!$this->isFlatText($original)) {
    return $original;
  }

  $body = trim($matches[2]);
  $args = array();

  if ($this->isURI($body)) {
    $args['uri'] = new PhutilURI($body);
  } else {
    $options = id(new PhutilSimpleOptions())->parse($body);

    // Precedence when several location keys are given: url, then uri, then
    // src.
    $location_key = '';
    foreach (array('url', 'uri', 'src') as $candidate) {
      if (array_key_exists($candidate, $options)) {
        $location_key = $candidate;
        break;
      }
    }

    if ($location_key) {
      $args['uri'] = new PhutilURI($options[$location_key]);
    }

    // Array union keeps the PhutilURI stored above if the options also
    // contain a literal 'uri' key.
    $args += $options;
  }

  // Fill in anything the markup did not specify.
  $args += array(
    'uri' => null,
    'alt' => null,
    'href' => null,
    'width' => null,
    'height' => null,
  );

  // A link target that fails the link-URI check is dropped instead of being
  // emitted.
  if ($args['href'] && !PhabricatorEnv::isValidURIForLink($args['href'])) {
    $args['href'] = null;
  }

  if (!$args['uri']) {
    return $original;
  }

  // The tag's src is the local proxy path carrying the remote URI as a query
  // parameter, so the remote URI is not used as the src directly.
  // NOTE(review): the remote URI itself is not validated in this method;
  // presumably the proxy endpoint enforces protocol and host restrictions;
  // confirm there.
  $proxy_uri = id(new PhutilURI('/file/imageproxy/'))
    ->setQueryParam('uri', (string)$args['uri']);

  // NOTE(review): alt, width and height are passed through as written in the
  // markup; attribute escaping is presumably handled by newTag() (confirm).
  $attributes = array(
    'src' => $proxy_uri,
    'alt' => $args['alt'],
    'href' => $args['href'],
    'width' => $args['width'],
    'height' => $args['height'],
  );

  $img = $this->newTag('img', $attributes);
  return $this->getEngine()->storeText($img);
}
/**
 * Build the page footer from the `ui.footer-items` configuration.
 *
 * Each configured item is rendered as an `a` tag when its `href` passes
 * PhabricatorEnv::isValidURIForLink(), and as a `span` with no `href`
 * otherwise, so a rejected URI is replaced with null before the tag is
 * built.
 *
 * @return mixed Footer `div` built by phutil_tag(), or null when chrome or
 *   the footer is disabled or no items are configured.
 */
private function renderFooter() {
  if (!$this->getShowChrome() || !$this->getShowFooter()) {
    return null;
  }

  $items = PhabricatorEnv::getEnvConfig('ui.footer-items');
  if (!$items) {
    return null;
  }

  $rendered = array();
  foreach ($items as $item) {
    $label = idx($item, 'name', pht('Unnamed Footer Item'));

    // Configured link targets go through the same link-URI check as other
    // links; anything that fails is rendered as plain text.
    $target = idx($item, 'href');
    if (!PhabricatorEnv::isValidURIForLink($target)) {
      $target = null;
    }

    $element = ($target !== null) ? 'a' : 'span';
    $rendered[] = phutil_tag($element, array('href' => $target), $label);
  }

  return phutil_tag(
    'div',
    array('class' => 'phabricator-standard-page-footer grouped'),
    phutil_implode_html(" · ", $rendered));
}
/**
 * Check whether a URI is acceptable as a link target.
 *
 * Delegates entirely to PhabricatorEnv::isValidURIForLink(); no additional
 * checks are applied here.
 *
 * @param mixed Candidate URI, passed through unchanged.
 * @return mixed Whatever PhabricatorEnv::isValidURIForLink() returns
 *   (presumably a bool).
 */
private function isValidLinkURI($uri) {
  $is_valid = PhabricatorEnv::isValidURIForLink($uri);
  return $is_valid;
}
/**
 * Validate a redirect target and format it for a "Location:" header.
 *
 * The caller declares whether the target is local or remote, and the URI is
 * checked against that declaration. A URI that carries a domain is refused
 * unless the caller marked the redirect as external, and a URI without a
 * domain is refused when the redirect is marked external.
 *
 * The HTTP spec says "Location:" headers must use absolute URIs. Browsers
 * accept relative URIs, but absolute URIs are returned to avoid ambiguity.
 * For example, Chrome interprets "Location: /\evil.com" to mean "perform a
 * protocol-relative redirect to evil.com".
 *
 * @param string URI to redirect to.
 * @param bool True if this URI identifies a remote resource.
 * @return string URI for use in a "Location:" header.
 * @throws Exception When the URI does not match the declared kind of
 *   resource or fails the corresponding validity check.
 */
public static function getURIForRedirect($uri, $is_external) {
  $parsed = new PhutilURI($uri);
  $has_domain = (strlen($parsed->getDomain()) > 0);

  if ($is_external) {
    // A remote target needs a domain. The validity check below would also
    // reject it, but testing explicitly gives a more useful error message.
    if (!$has_domain) {
      throw new Exception(
        pht(
          'Refusing to redirect to external URI "%s". This URI ' .
          'is not fully qualified, and is missing a domain name. To ' .
          'redirect to a local resource, remove the external flag.',
          (string)$uri));
    }

    // The target must be a valid remote resource.
    if (!PhabricatorEnv::isValidURIForLink($uri)) {
      throw new Exception(
        pht(
          'Refusing to redirect to external URI "%s". This URI ' .
          'is not a valid remote web resource.',
          (string)$uri));
    }

    // The caller's original string is returned, not a re-serialization of
    // the parsed object.
    return (string)$uri;
  }

  // A local target must not carry a domain. Checking this first gives a
  // more useful error message than the validity check below can.
  if ($has_domain) {
    throw new Exception(
      pht(
        'Refusing to redirect to local resource "%s". The URI has a ' .
        'domain, but the redirect is not marked external. Mark ' .
        'redirects as external to allow redirection off the local ' .
        'domain.',
        (string)$uri));
  }

  // The target must also be a valid local resource.
  if (!PhabricatorEnv::isValidLocalURIForLink($uri)) {
    throw new Exception(
      pht(
        'Refusing to redirect to local resource "%s". This URI is not ' .
        'formatted in a recognizable way.',
        (string)$uri));
  }

  // Fully qualify the local path so the header carries an absolute URI.
  return (string)PhabricatorEnv::getURI((string)$uri);
}