src/infrastructure/javelin/markup.php
function phabricator_form(PhabricatorUser $user, $attributes, $content) { | function phabricator_form(PhabricatorUser $user, $attributes, $content) { | ||||
$body = array(); | $body = array(); | ||||
$http_method = idx($attributes, 'method'); | $http_method = idx($attributes, 'method'); | ||||
$is_post = (strcasecmp($http_method, 'POST') === 0); | $is_post = (strcasecmp($http_method, 'POST') === 0); | ||||
$http_action = idx($attributes, 'action'); | $http_action = idx($attributes, 'action'); | ||||
$is_absolute_uri = false; | |||||
if ($http_action != null) { | |||||
$is_absolute_uri = preg_match('#^(https?:|//)#', $http_action); | $is_absolute_uri = preg_match('#^(https?:|//)#', $http_action); | ||||
} | |||||
if ($is_post) { | if ($is_post) { | ||||
// NOTE: We only include CSRF tokens if a URI is a local URI on the same | // NOTE: We only include CSRF tokens if a URI is a local URI on the same | ||||
// domain. This is an important security feature and prevents forms which | // domain. This is an important security feature and prevents forms which | ||||
// submit to foreign sites from leaking CSRF tokens. | // submit to foreign sites from leaking CSRF tokens. | ||||
// In some cases, we may construct a fully-qualified local URI. For example, | // In some cases, we may construct a fully-qualified local URI. For example, | ||||
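Review bot: The `preg_match('#^(https?:|//)#', $http_action)` test is the only visible input to the decision on whether a CSRF token is embedded, and it is case-sensitive, so an action whose scheme is not written in lower case would be classified as local; `preg_match('#^(https?:|//)#i', $http_action)` would make the check err towards omitting the token. How `$is_absolute_uri` is consumed lies in the part of `phabricator_form()` that is collapsed on this page, so this needs confirming against the rest of the `if ($is_post)` branch. Separately, `idx($attributes, 'method')` can be null just as the action can, and it is still passed straight to `strcasecmp()`; a matching guard such as `$is_post = ($http_method !== null) && (strcasecmp($http_method, 'POST') === 0);` would treat both attributes the same way.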