Changeset View
Changeset View
Standalone View
Standalone View
src/aphront/response/AphrontRedirectResponse.php
| Show First 20 Lines • Show All 121 Lines • ▼ Show 20 Lines | if ($is_external) { | ||||
| pht( | pht( | ||||
| 'Refusing to redirect to external URI "%s". This URI '. | 'Refusing to redirect to external URI "%s". This URI '. | ||||
| 'is not fully qualified, and is missing a domain name. To '. | 'is not fully qualified, and is missing a domain name. To '. | ||||
| 'redirect to a local resource, remove the external flag.', | 'redirect to a local resource, remove the external flag.', | ||||
| (string)$uri)); | (string)$uri)); | ||||
| } | } | ||||
| // Check that it's a valid remote resource. | // Check that it's a valid remote resource. | ||||
| if (!PhabricatorEnv::isValidRemoteWebResource($uri)) { | if (!PhabricatorEnv::isValidURIForLink($uri)) { | ||||
| throw new Exception( | throw new Exception( | ||||
| pht( | pht( | ||||
| 'Refusing to redirect to external URI "%s". This URI '. | 'Refusing to redirect to external URI "%s". This URI '. | ||||
| 'is not a valid remote web resource.', | 'is not a valid remote web resource.', | ||||
| (string)$uri)); | (string)$uri)); | ||||
| } | } | ||||
| } else { | } else { | ||||
| // If this is a local resource, it must not have a domain set. This allows | // If this is a local resource, it must not have a domain set. This allows | ||||
| // us to raise a better error message than the check below can. | // us to raise a better error message than the check below can. | ||||
| if (strlen($uri_object->getDomain())) { | if (strlen($uri_object->getDomain())) { | ||||
| throw new Exception( | throw new Exception( | ||||
| pht( | pht( | ||||
| 'Refusing to redirect to local resource "%s". The URI has a '. | 'Refusing to redirect to local resource "%s". The URI has a '. | ||||
| 'domain, but the redirect is not marked external. Mark '. | 'domain, but the redirect is not marked external. Mark '. | ||||
| 'redirects as external to allow redirection off the local '. | 'redirects as external to allow redirection off the local '. | ||||
| 'domain.', | 'domain.', | ||||
| (string)$uri)); | (string)$uri)); | ||||
| } | } | ||||
| // If this is a local resource, it must be a valid local resource. | // If this is a local resource, it must be a valid local resource. | ||||
| if (!PhabricatorEnv::isValidLocalWebResource($uri)) { | if (!PhabricatorEnv::isValidLocalURIForLink($uri)) { | ||||
| throw new Exception( | throw new Exception( | ||||
| pht( | pht( | ||||
| 'Refusing to redirect to local resource "%s". This URI is not '. | 'Refusing to redirect to local resource "%s". This URI is not '. | ||||
| 'formatted in a recognizable way.', | 'formatted in a recognizable way.', | ||||
| (string)$uri)); | (string)$uri)); | ||||
| } | } | ||||
| // Fully qualify the result URI. | // Fully qualify the result URI. | ||||
| $uri = PhabricatorEnv::getURI((string)$uri); | $uri = PhabricatorEnv::getURI((string)$uri); | ||||
| } | } | ||||
| return (string)$uri; | return (string)$uri; | ||||
| } | } | ||||
| } | } | ||||