F15384991
D16986.id40866.diff
No One
Temporary
Size
2 KB
Referenced Files
None
Subscribers
None
D16986.id40866.diff
diff --git a/src/applications/config/option/PhabricatorSecurityConfigOptions.php b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
--- a/src/applications/config/option/PhabricatorSecurityConfigOptions.php
+++ b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
@@ -23,8 +23,8 @@
$doc_href = PhabricatorEnv::getDoclink('Configuring a File Domain');
$doc_name = pht('Configuration Guide: Configuring a File Domain');
- // This is all of the IANA special/reserved blocks in IPv4 space.
$default_address_blacklist = array(
+ // This is all of the IANA special/reserved blocks in IPv4 space.
'0.0.0.0/8',
'10.0.0.0/8',
'100.64.0.0/10',
@@ -41,6 +41,21 @@
'224.0.0.0/4',
'240.0.0.0/4',
'255.255.255.255/32',
+
+ // And these are the IANA special/reserved blocks in IPv6 space.
+ '::/128',
+ '::1/128',
+ '::ffff:0:0/96',
+ '100::/64',
+ '64:ff9b::/96',
+ '2001::/32',
+ '2001:10::/28',
+ '2001:20::/28',
+ '2001:db8::/32',
+ '2002::/16',
+ 'fc00::/7',
+ 'fe80::/10',
+ 'ff00::/8',
);
$keyring_type = 'custom:PhabricatorKeyringConfigOptionType';
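Review bot: The added comment presents the IPv6 entries as the IANA special/reserved blocks, but the list looks like a subset of that registry. The benchmarking prefix `2001:2::/48` is absent, and the registry's enclosing `2001::/23` (IETF protocol assignments) is covered only through `2001::/32`, `2001:10::/28` and `2001:20::/28`. Because this default guards outbound fetches against internal or non-routable destinations, either add `'2001:2::/48',` or soften the comment to `// Common IANA special/reserved blocks in IPv6 space; re-check against the registry when it changes.` The array opens in the previous hunk and part of the IPv4 list lies between the two hunks, so entries outside the visible lines were not checked.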
diff --git a/src/infrastructure/env/PhabricatorEnv.php b/src/infrastructure/env/PhabricatorEnv.php
--- a/src/infrastructure/env/PhabricatorEnv.php
+++ b/src/infrastructure/env/PhabricatorEnv.php
@@ -737,10 +737,10 @@
* @task uri
*/
public static function requireValidRemoteURIForFetch(
- $uri,
+ $raw_uri,
array $protocols) {
- $uri = new PhutilURI($uri);
+ $uri = new PhutilURI($raw_uri);
$proto = $uri->getProtocol();
if (!strlen($proto)) {
@@ -748,7 +748,7 @@
pht(
'URI "%s" is not a valid fetchable resource. A valid fetchable '.
'resource URI must specify a protocol.',
- $uri));
+ $raw_uri));
}
$protocols = array_fuse($protocols);
@@ -757,7 +757,7 @@
pht(
'URI "%s" is not a valid fetchable resource. A valid fetchable '.
'resource URI must use one of these protocols: %s.',
- $uri,
+ $raw_uri,
implode(', ', array_keys($protocols))));
}
@@ -767,7 +767,7 @@
pht(
'URI "%s" is not a valid fetchable resource. A valid fetchable '.
'resource URI must specify a domain.',
- $uri));
+ $raw_uri));
}
$addresses = gethostbynamel($domain);
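Review bot: `gethostbynamel($domain)` on the last line of this hunk returns IPv4 addresses only, so the IPv6 ranges this revision adds to the default blacklist are never compared against an AAAA result in this check. If the client that later performs the fetch can connect over IPv6, a hostname would be validated on its A records alone while its AAAA records go unexamined. Consider resolving both families, e.g. `$records = dns_get_record($domain, DNS_A | DNS_AAAA);`, and testing every returned address against the list, or add a comment stating that only IPv4 resolution is validated here. The body of requireValidRemoteURIForFetch starts and continues outside this hunk, so the loop that tests each address is only partly visible.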
@@ -776,7 +776,7 @@
pht(
'URI "%s" is not a valid fetchable resource. The domain "%s" could '.
'not be resolved.',
- $uri,
+ $raw_uri,
$domain));
}
@@ -787,7 +787,7 @@
'URI "%s" is not a valid fetchable resource. The domain "%s" '.
'resolves to the address "%s", which is blacklisted for '.
'outbound requests.',
- $uri,
+ $raw_uri,
$domain,
$address));
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Mar 15, 9:22 PM (1 w, 5 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7703857
Default Alt Text
D16986.id40866.diff (2 KB)
Attached To
Mode
D16986: Add IPv6 reserved addresses to the default outbound blacklist
Attached