/**
 * Turn one matched Phriction document reference into link output.
 *
 * Only the path and fragment of the matched target are used. The href is
 * rebuilt from the normalized slug, so any protocol or domain present in the
 * matched text is not carried into the emitted link.
 *
 * @param array $matches Match groups: index 1 is the link target, optional
 *                       index 2 is the explicit link text.
 * @return mixed In text mode (and outside a table of contents), the
 *               production URI for the document. Otherwise, whatever the
 *               engine's storeText() returns for the rendered text.
 */
public function markupDocumentLink($matches) {
  $target = trim($matches[1]);
  $label = trim(idx($matches, 2, $target));

  // Without explicit link text, fall back to the last path component of the
  // target.
  if (empty($matches[2])) {
    $segments = explode('/', trim($label, '/'));
    $label = end($segments);
  }

  $parsed = new PhutilURI($target);
  $path = $parsed->getPath();
  $anchor = $parsed->getFragment();

  // Normalize to a canonical Phriction slug URI, then reattach the fragment.
  $slug_uri = PhrictionDocument::getSlugURI(PhabricatorSlug::normalize($path));
  $href = (string) id(new PhutilURI($slug_uri))->setFragment($anchor);

  $engine = $this->getEngine();

  // In a table of contents, only the bare name is stored.
  if ($engine->getState('toc')) {
    return $engine->storeText($label);
  }

  // Plain-text output has no markup: return the absolute URI directly.
  if ($engine->isTextMode()) {
    return PhabricatorEnv::getProductionURI($href);
  }

  // NOTE(review): $label comes from the matched document text; this relies on
  // newTag() to escape tag content and attribute values -- confirm.
  $anchor_tag = $this->newTag(
    'a',
    array(
      'href' => $href,
      'class' => 'phriction-link',
    ),
    $label);

  return $engine->storeText($anchor_tag);
}
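/**
 * Verify that PhutilURI splits URIs into their components and serializes
 * them back to strings.
 *
 * The userinfo in every fixture URI must match the getUser()/getPass()
 * values asserted directly below it. A fixture with redacted credentials
 * makes those assertions fail.
 */
public function testURIParsing() {
  // Fully populated URI: every component is present and round-trips.
  $uri = new PhutilURI('http://user:pass@host:99/path/?query=value#fragment');
  $this->assertEqual('http', $uri->getProtocol(), pht('protocol'));
  $this->assertEqual('user', $uri->getUser(), pht('user'));
  $this->assertEqual('pass', $uri->getPass(), pht('password'));
  $this->assertEqual('host', $uri->getDomain(), pht('domain'));
  $this->assertEqual('99', $uri->getPort(), pht('port'));
  $this->assertEqual('/path/', $uri->getPath(), pht('path'));
  $this->assertEqual(
    array('query' => 'value'),
    $uri->getQueryParams(),
    'query params');
  $this->assertEqual('fragment', $uri->getFragment(), pht('fragment'));
  $this->assertEqual(
    'http://user:pass@host:99/path/?query=value#fragment',
    (string) $uri,
    'uri');

  // SSH URI with a user but no password, port, query or fragment: the
  // missing components read back as empty values.
  $uri = new PhutilURI('ssh://git@example.com/example/example.git');
  $this->assertEqual('ssh', $uri->getProtocol(), pht('protocol'));
  $this->assertEqual('git', $uri->getUser(), pht('user'));
  $this->assertEqual('', $uri->getPass(), pht('password'));
  $this->assertEqual('example.com', $uri->getDomain(), pht('domain'));
  $this->assertEqual('', $uri->getPort(), 'port');
  $this->assertEqual('/example/example.git', $uri->getPath(), pht('path'));
  $this->assertEqual(
    array(),
    $uri->getQueryParams(),
    pht('query parameters'));
  $this->assertEqual('', $uri->getFragment(), pht('fragment'));
  $this->assertEqual(
    'ssh://git@example.com/example/example.git',
    (string) $uri,
    'uri');

  // "0" is falsy in PHP; it must still survive as a user and as a password.
  $uri = new PhutilURI('http://0@domain.com/');
  $this->assertEqual('0', $uri->getUser());
  $this->assertEqual('http://0@domain.com/', (string) $uri);

  $uri = new PhutilURI('http://0:0@domain.com/');
  $this->assertEqual('0', $uri->getUser());
  $this->assertEqual('0', $uri->getPass());
  $this->assertEqual('http://0:0@domain.com/', (string) $uri);

  // Percent-encoded userinfo is decoded by the getters and re-encoded when
  // the URI is serialized.
  $uri = new PhutilURI('http://%20:%20@domain.com/');
  $this->assertEqual(' ', $uri->getUser());
  $this->assertEqual(' ', $uri->getPass());
  $this->assertEqual('http://%20:%20@domain.com/', (string) $uri);

  $uri = new PhutilURI('http://%40:%40@domain.com/');
  $this->assertEqual('@', $uri->getUser());
  $this->assertEqual('@', $uri->getPass());
  $this->assertEqual('http://%40:%40@domain.com/', (string) $uri);

  // These tests are covering cases where cURL and parse_url() behavior
  // may differ in potentially dangerous ways. See T6755 for discussion.

  // In general, we defuse these attacks by emitting URIs which escape
  // special characters so that they are interpreted unambiguously by
  // cURL in the same way that parse_url() interpreted them.

  // Each case pins both the parsed components and the escaped
  // serialization. The serialized form is what keeps a check made against
  // getDomain() describing the host that is actually contacted.

  // "@" after "?": the domain stays "evil.com" and the "@" is escaped inside
  // the query string.
  $uri = new PhutilURI('http://u:p@evil.com?@good.com');
  $this->assertEqual('u', $uri->getUser());
  $this->assertEqual('p', $uri->getPass());
  $this->assertEqual('evil.com', $uri->getDomain());
  $this->assertEqual('http://u:p@evil.com?%40good.com=', (string) $uri);

  // "#" before "@": the "#" is parsed as part of the username, so it is
  // escaped on output rather than starting a fragment.
  $uri = new PhutilURI('http://good.com#u:p@evil.com/');
  $this->assertEqual('good.com#u', $uri->getUser());
  $this->assertEqual('p', $uri->getPass());
  $this->assertEqual('evil.com', $uri->getDomain());
  $this->assertEqual('http://good.com%23u:p@evil.com/', (string) $uri);

  // "?" before "@": everything after "?" is query data, so there are no
  // credentials and the domain is "good.com".
  $uri = new PhutilURI('http://good.com?u:p@evil.com/');
  $this->assertEqual('', $uri->getUser());
  $this->assertEqual('', $uri->getPass());
  $this->assertEqual('good.com', $uri->getDomain());
  $this->assertEqual('http://good.com?u%3Ap%40evil.com%2F=', (string) $uri);
}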
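/**
 * Verify that PhutilURI splits URIs into their components and serializes
 * them back to strings.
 *
 * The userinfo in every fixture URI must match the getUser()/getPass()
 * values asserted directly below it. A fixture with redacted credentials
 * makes those assertions fail.
 */
public function testURIParsing() {
  // Fully populated URI: every component is present and round-trips.
  $uri = new PhutilURI('http://user:pass@host:99/path/?query=value#fragment');
  $this->assertEqual('http', $uri->getProtocol(), 'protocol');
  $this->assertEqual('user', $uri->getUser(), 'user');
  $this->assertEqual('pass', $uri->getPass(), 'pass');
  $this->assertEqual('host', $uri->getDomain(), 'domain');
  $this->assertEqual('99', $uri->getPort(), 'port');
  $this->assertEqual('/path/', $uri->getPath(), 'path');
  $this->assertEqual(
    array('query' => 'value'),
    $uri->getQueryParams(),
    'query params');
  $this->assertEqual('fragment', $uri->getFragment(), 'fragment');
  $this->assertEqual(
    'http://user:pass@host:99/path/?query=value#fragment',
    (string) $uri,
    'uri');

  // SSH URI with a user but no password, port, query or fragment: the
  // missing components read back as empty values.
  $uri = new PhutilURI('ssh://git@example.com/example/example.git');
  $this->assertEqual('ssh', $uri->getProtocol(), 'protocol');
  $this->assertEqual('git', $uri->getUser(), 'user');
  $this->assertEqual('', $uri->getPass(), 'pass');
  $this->assertEqual('example.com', $uri->getDomain(), 'domain');
  $this->assertEqual('', $uri->getPort(), 'port');
  $this->assertEqual('/example/example.git', $uri->getPath(), 'path');
  $this->assertEqual(array(), $uri->getQueryParams(), 'query params');
  $this->assertEqual('', $uri->getFragment(), 'fragment');
  $this->assertEqual(
    'ssh://git@example.com/example/example.git',
    (string) $uri,
    'uri');

  // "0" is falsy in PHP; it must still survive as a user and as a password.
  $uri = new PhutilURI('http://0@domain.com/');
  $this->assertEqual('0', $uri->getUser());
  $this->assertEqual('http://0@domain.com/', (string) $uri);

  $uri = new PhutilURI('http://0:0@domain.com/');
  $this->assertEqual('0', $uri->getUser());
  $this->assertEqual('0', $uri->getPass());
  $this->assertEqual('http://0:0@domain.com/', (string) $uri);

  // Percent-encoded userinfo is decoded by the getters and re-encoded when
  // the URI is serialized.
  $uri = new PhutilURI('http://%20:%20@domain.com/');
  $this->assertEqual(' ', $uri->getUser());
  $this->assertEqual(' ', $uri->getPass());
  $this->assertEqual('http://%20:%20@domain.com/', (string) $uri);

  $uri = new PhutilURI('http://%40:%40@domain.com/');
  $this->assertEqual('@', $uri->getUser());
  $this->assertEqual('@', $uri->getPass());
  $this->assertEqual('http://%40:%40@domain.com/', (string) $uri);
}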
/**
 * Assert that a raw URI is acceptable as an OAuth application redirect URI.
 *
 * See http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2
 * for details on what makes a given redirect URI "valid".
 *
 * Three checks run in order: general remote-link validity (delegated to
 * PhabricatorEnv), absence of a URI fragment, and an "http" or "https"
 * protocol. Returns nothing; a URI that fails a check raises an exception.
 *
 * This validates the shape of a single URI only. Comparing the redirect URI
 * in an authorization request against the registered one is not done here.
 *
 * @param string $raw_uri Candidate redirect URI.
 * @return void
 * @throws Exception If the URI has a fragment or a non-HTTP(S) protocol.
 *                   The PhabricatorEnv check presumably also throws on
 *                   malformed input -- confirm.
 */
public function assertValidRedirectURI($raw_uri) {
  // Basic sanity first: reasonable formatting and the presence of a
  // protocol.
  PhabricatorEnv::requireValidRemoteURIForLink($raw_uri);

  $parsed = new PhutilURI($raw_uri);

  // Redirect URIs must not carry a fragment component.
  $anchor = $parsed->getFragment();
  if (strlen($anchor) > 0) {
    throw new Exception(
      pht(
        'OAuth application redirect URIs must not contain URI '.
        'fragments, but the URI "%s" has a fragment ("%s").',
        $raw_uri,
        $anchor));
  }

  // Allowlist of protocols: anything other than these two spellings is
  // rejected, so no other scheme can be registered as a redirect target.
  // NOTE(review): the comparison is loose (==); getProtocol() is presumably
  // always a string -- confirm before tightening to ===.
  $scheme = $parsed->getProtocol();
  $is_web_scheme = ($scheme == 'http' || $scheme == 'https');
  if (!$is_web_scheme) {
    throw new Exception(
      pht(
        'OAuth application redirect URIs must only use the "http" or '.
        '"https" protocols, but the URI "%s" uses the "%s" protocol.',
        $raw_uri,
        $scheme));
  }
}