

D17134.id41209.diff

diff --git a/src/aphront/AphrontRequest.php b/src/aphront/AphrontRequest.php
--- a/src/aphront/AphrontRequest.php
+++ b/src/aphront/AphrontRequest.php
@@ -548,7 +548,31 @@
public function getAbsoluteRequestURI() {
$uri = $this->getRequestURI();
$uri->setDomain($this->getHost());
- $uri->setProtocol($this->isHTTPS() ? 'https' : 'http');
+
+ if ($this->isHTTPS()) {
+ $protocol = 'https';
+ } else {
+ $protocol = 'http';
+ }
+
+ $uri->setProtocol($protocol);
+
+ // If the request used a nonstandard port, preserve it while building the
+ // absolute URI.
+
+ // First, get the default port for the request protocol.
+ $default_port = id(new PhutilURI($protocol.'://example.com/'))
+ ->getPortWithProtocolDefault();
+
+ // NOTE: See note in getHost() about malicious "Host" headers. This
+ // construction defuses some obscure potential attacks.
+ $port = id(new PhutilURI($protocol.'://'.$this->host))
+ ->getPort();
+
+ if (($port !== null) && ($port !== $default_port)) {
+ $uri->setPort($port);
+ }
+
return $uri;
}
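Review bot: The NOTE above the `$port` assignment says the construction "defuses some obscure potential attacks" but never says which property of the code provides that, so a later refactor could replace it with a plain split on ":" without noticing. The port still comes from the client-supplied "Host" header via `$this->host`; I would spell that out, e.g. `// NOTE: "Host" is client-controlled. Parse it as a URI and take only the port component; do not split the raw header on ":".` Separately, the `$port !== $default_port` test is strict, so it only suppresses the default port if `getPort()` and `getPortWithProtocolDefault()` return the same type. Neither getter is visible in this hunk, so that needs confirming; if one returns a string and the other an int, the default port would always be written into the absolute URI.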
