diff --git a/src/aphront/response/AphrontRedirectResponse.php b/src/aphront/response/AphrontRedirectResponse.php index 59864a21e8..5b4b009796 100644 --- a/src/aphront/response/AphrontRedirectResponse.php +++ b/src/aphront/response/AphrontRedirectResponse.php @@ -1,166 +1,166 @@ isExternal = $external; return $this; } public function __construct() { if ($this->shouldStopForDebugging()) { // If we're going to stop, capture the stack so we can print it out. $this->stackWhenCreated = id(new Exception())->getTrace(); } } public function setURI($uri) { $this->uri = $uri; return $this; } public function getURI() { // NOTE: When we convert a RedirectResponse into an AjaxResponse, we pull // the URI through this method. Make sure it passes checks before we // hand it over to callers. return self::getURIForRedirect($this->uri, $this->isExternal); } public function shouldStopForDebugging() { return PhabricatorEnv::getEnvConfig('debug.stop-on-redirect'); } public function getHeaders() { $headers = array(); if (!$this->shouldStopForDebugging()) { $uri = self::getURIForRedirect($this->uri, $this->isExternal); $headers[] = array('Location', $uri); } $headers = array_merge(parent::getHeaders(), $headers); return $headers; } public function buildResponseString() { if ($this->shouldStopForDebugging()) { $request = $this->getRequest(); $viewer = $request->getUser(); $view = new PhabricatorStandardPageView(); $view->setRequest($this->getRequest()); $view->setApplicationName(pht('Debug')); $view->setTitle(pht('Stopped on Redirect')); $dialog = new AphrontDialogView(); $dialog->setUser($viewer); $dialog->setTitle(pht('Stopped on Redirect')); $dialog->appendParagraph( pht( 'You were stopped here because %s is set in your configuration.', phutil_tag('tt', array(), 'debug.stop-on-redirect'))); $dialog->appendParagraph( pht( 'You are being redirected to: %s', phutil_tag('tt', array(), $this->getURI()))); $dialog->addCancelButton($this->getURI(), pht('Continue')); $dialog->appendChild(phutil_tag('br')); $dialog->appendChild( id(new AphrontStackTraceView()) ->setUser($viewer) ->setTrace($this->stackWhenCreated)); $dialog->setIsStandalone(true); $dialog->setWidth(AphrontDialogView::WIDTH_FULL); $box = id(new PHUIBoxView()) ->addMargin(PHUI::MARGIN_LARGE) ->appendChild($dialog); $view->appendChild($box); return $view->render(); } return ''; } /** * Format a URI for use in a "Location:" header. * * Verifies that a URI redirects to the expected type of resource (local or * remote) and formats it for use in a "Location:" header. * * The HTTP spec says "Location:" headers must use absolute URIs. Although * browsers work with relative URIs, we return absolute URIs to avoid * ambiguity. For example, Chrome interprets "Location: /\evil.com" to mean * "perform a protocol-relative redirect to evil.com". * * @param string URI to redirect to. * @param bool True if this URI identifies a remote resource. * @return string URI for use in a "Location:" header. */ public static function getURIForRedirect($uri, $is_external) { $uri_object = new PhutilURI($uri); if ($is_external) { // If this is a remote resource it must have a domain set. This // would also be caught below, but testing for it explicitly first allows // us to raise a better error message. if (!strlen($uri_object->getDomain())) { throw new Exception( pht( 'Refusing to redirect to external URI "%s". This URI '. 'is not fully qualified, and is missing a domain name. To '. 'redirect to a local resource, remove the external flag.', (string)$uri)); } // Check that it's a valid remote resource. - if (!PhabricatorEnv::isValidRemoteWebResource($uri)) { + if (!PhabricatorEnv::isValidURIForLink($uri)) { throw new Exception( pht( 'Refusing to redirect to external URI "%s". This URI '. 'is not a valid remote web resource.', (string)$uri)); } } else { // If this is a local resource, it must not have a domain set. This allows // us to raise a better error message than the check below can. if (strlen($uri_object->getDomain())) { throw new Exception( pht( 'Refusing to redirect to local resource "%s". The URI has a '. 'domain, but the redirect is not marked external. Mark '. 'redirects as external to allow redirection off the local '. 'domain.', (string)$uri)); } // If this is a local resource, it must be a valid local resource. - if (!PhabricatorEnv::isValidLocalWebResource($uri)) { + if (!PhabricatorEnv::isValidLocalURIForLink($uri)) { throw new Exception( pht( 'Refusing to redirect to local resource "%s". This URI is not '. 'formatted in a recognizable way.', (string)$uri)); } // Fully qualify the result URI. $uri = PhabricatorEnv::getURI((string)$uri); } return (string)$uri; } } diff --git a/src/applications/auth/controller/PhabricatorAuthFinishController.php b/src/applications/auth/controller/PhabricatorAuthFinishController.php index a94bc63a06..82f4d72b26 100644 --- a/src/applications/auth/controller/PhabricatorAuthFinishController.php +++ b/src/applications/auth/controller/PhabricatorAuthFinishController.php @@ -1,84 +1,84 @@ getRequest(); $viewer = $request->getUser(); // If the user already has a full session, just kick them out of here. $has_partial_session = $viewer->hasSession() && $viewer->getSession()->getIsPartial(); if (!$has_partial_session) { return id(new AphrontRedirectResponse())->setURI('/'); } $engine = new PhabricatorAuthSessionEngine(); // If this cookie is set, the user is headed into a high security area // after login (normally because of a password reset) so if they are // able to pass the checkpoint we just want to put their account directly // into high security mode, rather than prompt them again for the same // set of credentials. $jump_into_hisec = $request->getCookie(PhabricatorCookies::COOKIE_HISEC); try { $token = $engine->requireHighSecuritySession( $viewer, $request, '/logout/', $jump_into_hisec); } catch (PhabricatorAuthHighSecurityRequiredException $ex) { $form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm( $ex->getFactors(), $ex->getFactorValidationResults(), $viewer, $request); return $this->newDialog() ->setTitle(pht('Provide Multi-Factor Credentials')) ->setShortTitle(pht('Multi-Factor Login')) ->setWidth(AphrontDialogView::WIDTH_FORM) ->addHiddenInput(AphrontRequest::TYPE_HISEC, true) ->appendParagraph( pht( 'Welcome, %s. To complete the login process, provide your '. 'multi-factor credentials.', phutil_tag('strong', array(), $viewer->getUsername()))) ->appendChild($form->buildLayoutView()) ->setSubmitURI($request->getPath()) ->addCancelButton($ex->getCancelURI()) ->addSubmitButton(pht('Continue')); } // Upgrade the partial session to a full session. $engine->upgradePartialSession($viewer); // TODO: It might be nice to add options like "bind this session to my IP" // here, even for accounts without multi-factor auth attached to them. $next = PhabricatorCookies::getNextURICookie($request); $request->clearCookie(PhabricatorCookies::COOKIE_NEXTURI); $request->clearCookie(PhabricatorCookies::COOKIE_HISEC); - if (!PhabricatorEnv::isValidLocalWebResource($next)) { + if (!PhabricatorEnv::isValidLocalURIForLink($next)) { $next = '/'; } return id(new AphrontRedirectResponse())->setURI($next); } } diff --git a/src/applications/auth/view/PhabricatorAuthAccountView.php b/src/applications/auth/view/PhabricatorAuthAccountView.php index 916b7e3b24..a68cdfff07 100644 --- a/src/applications/auth/view/PhabricatorAuthAccountView.php +++ b/src/applications/auth/view/PhabricatorAuthAccountView.php @@ -1,103 +1,103 @@ externalAccount = $external_account; return $this; } public function setAuthProvider(PhabricatorAuthProvider $provider) { $this->provider = $provider; return $this; } public function render() { $account = $this->externalAccount; $provider = $this->provider; require_celerity_resource('auth-css'); $content = array(); $dispname = $account->getDisplayName(); $username = $account->getUsername(); $realname = $account->getRealName(); $use_name = null; if (strlen($dispname)) { $use_name = $dispname; } else if (strlen($username) && strlen($realname)) { $use_name = $username.' ('.$realname.')'; } else if (strlen($username)) { $use_name = $username; } else if (strlen($realname)) { $use_name = $realname; } else { $use_name = $account->getAccountID(); } $content[] = phutil_tag( 'div', array( 'class' => 'auth-account-view-name', ), $use_name); if ($provider) { $prov_name = pht('%s Account', $provider->getProviderName()); } else { $prov_name = pht('"%s" Account', $account->getProviderType()); } $content[] = phutil_tag( 'div', array( 'class' => 'auth-account-view-provider-name', ), array( $prov_name, " \xC2\xB7 ", $account->getAccountID(), )); $account_uri = $account->getAccountURI(); if (strlen($account_uri)) { // Make sure we don't link a "javascript:" URI if a user somehow // managed to get one here. - if (PhabricatorEnv::isValidRemoteWebResource($account_uri)) { + if (PhabricatorEnv::isValidRemoteURIForLink($account_uri)) { $account_uri = phutil_tag( 'a', array( 'href' => $account_uri, 'target' => '_blank', ), $account_uri); } $content[] = phutil_tag( 'div', array( 'class' => 'auth-account-view-account-uri', ), $account_uri); } $image_uri = $account->getProfileImageFile()->getProfileThumbURI(); return phutil_tag( 'div', array( 'class' => 'auth-account-view', 'style' => 'background-image: url('.$image_uri.')', ), $content); } } diff --git a/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php b/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php index 139684adbe..9339c571c3 100644 --- a/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php +++ b/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php @@ -1,224 +1,227 @@ newIssue('config.unknown.'.$key) ->setShortName($short) ->setName($name) ->setSummary($summary); $stack = PhabricatorEnv::getConfigSourceStack(); $stack = $stack->getStack(); $found = array(); $found_local = false; $found_database = false; foreach ($stack as $source_key => $source) { $value = $source->getKeys(array($key)); if ($value) { $found[] = $source->getName(); if ($source instanceof PhabricatorConfigDatabaseSource) { $found_database = true; } if ($source instanceof PhabricatorConfigLocalSource) { $found_local = true; } } } $message = $message."\n\n".pht( 'This configuration value is defined in these %d '. 'configuration source(s): %s.', count($found), implode(', ', $found)); $issue->setMessage($message); if ($found_local) { $command = csprintf('phabricator/ $ ./bin/config delete %s', $key); $issue->addCommand($command); } if ($found_database) { $issue->addPhabricatorConfig($key); } } } /** * Return a map of deleted config options. Keys are option keys; values are * explanations of what happened to the option. */ public static function getAncientConfig() { $reason_auth = pht( 'This option has been migrated to the "Auth" application. Your old '. 'configuration is still in effect, but now stored in "Auth" instead of '. 'configuration. Going forward, you can manage authentication from '. 'the web UI.'); $auth_config = array( 'controller.oauth-registration', 'auth.password-auth-enabled', 'facebook.auth-enabled', 'facebook.registration-enabled', 'facebook.auth-permanent', 'facebook.application-id', 'facebook.application-secret', 'facebook.require-https-auth', 'github.auth-enabled', 'github.registration-enabled', 'github.auth-permanent', 'github.application-id', 'github.application-secret', 'google.auth-enabled', 'google.registration-enabled', 'google.auth-permanent', 'google.application-id', 'google.application-secret', 'ldap.auth-enabled', 'ldap.hostname', 'ldap.port', 'ldap.base_dn', 'ldap.search_attribute', 'ldap.search-first', 'ldap.username-attribute', 'ldap.real_name_attributes', 'ldap.activedirectory_domain', 'ldap.version', 'ldap.referrals', 'ldap.anonymous-user-name', 'ldap.anonymous-user-password', 'ldap.start-tls', 'disqus.auth-enabled', 'disqus.registration-enabled', 'disqus.auth-permanent', 'disqus.application-id', 'disqus.application-secret', 'phabricator.oauth-uri', 'phabricator.auth-enabled', 'phabricator.registration-enabled', 'phabricator.auth-permanent', 'phabricator.application-id', 'phabricator.application-secret', ); $ancient_config = array_fill_keys($auth_config, $reason_auth); $markup_reason = pht( 'Custom remarkup rules are now added by subclassing '. 'PhabricatorRemarkupCustomInlineRule or '. 'PhabricatorRemarkupCustomBlockRule.'); $session_reason = pht( 'Sessions now expire and are garbage collected rather than having an '. 'arbitrary concurrency limit.'); $differential_field_reason = pht( 'All Differential fields are now managed through the configuration '. 'option "%s". Use that option to configure which fields are shown.', 'differential.fields'); $ancient_config += array( 'phid.external-loaders' => pht( 'External loaders have been replaced. Extend `PhabricatorPHIDType` '. 'to implement new PHID and handle types.'), 'maniphest.custom-task-extensions-class' => pht( 'Maniphest fields are now loaded automatically. You can configure '. 'them with `maniphest.fields`.'), 'maniphest.custom-fields' => pht( 'Maniphest fields are now defined in '. '`maniphest.custom-field-definitions`. Existing definitions have '. 'been migrated.'), 'differential.custom-remarkup-rules' => $markup_reason, 'differential.custom-remarkup-block-rules' => $markup_reason, 'auth.sshkeys.enabled' => pht( 'SSH keys are now actually useful, so they are always enabled.'), 'differential.anonymous-access' => pht( 'Phabricator now has meaningful global access controls. See '. '`policy.allow-public`.'), 'celerity.resource-path' => pht( 'An alternate resource map is no longer supported. Instead, use '. 'multiple maps. See T4222.'), 'metamta.send-immediately' => pht( 'Mail is now always delivered by the daemons.'), 'auth.sessions.conduit' => $session_reason, 'auth.sessions.web' => $session_reason, 'tokenizer.ondemand' => pht( 'Phabricator now manages typeahead strategies automatically.'), 'differential.revision-custom-detail-renderer' => pht( 'Obsolete; use standard rendering events instead.'), 'differential.show-host-field' => $differential_field_reason, 'differential.show-test-plan-field' => $differential_field_reason, 'differential.field-selector' => $differential_field_reason, 'phabricator.show-beta-applications' => pht( 'This option has been renamed to `phabricator.show-prototypes` '. 'to emphasize the unfinished nature of many prototype applications. '. 'Your existing setting has been migrated.'), 'notification.user' => pht( 'The notification server no longer requires root permissions. Start '. 'the server as the user you want it to run under.'), 'notification.debug' => pht( 'Notifications no longer have a dedicated debugging mode.'), 'translation.provider' => pht( 'The translation implementation has changed and providers are no '. 'longer used or supported.'), 'config.mask' => pht( 'Use `config.hide` instead of this option.'), 'phd.start-taskmasters' => pht( 'Taskmasters now use an autoscaling pool. You can configure the '. 'pool size with `phd.taskmasters`.'), 'storage.engine-selector' => pht( 'Phabricator now automatically discovers available storage engines '. 'at runtime.'), 'storage.upload-size-limit' => pht( 'Phabricator now supports arbitrarily large files. Consult the '. 'documentation for configuration details.'), + 'security.allow-outbound-http' => pht( + 'This option has been replaced with the more granular option '. + '`security.outbound-blacklist`.'), ); return $ancient_config; } } diff --git a/src/applications/config/option/PhabricatorSecurityConfigOptions.php b/src/applications/config/option/PhabricatorSecurityConfigOptions.php index fc707b9b15..d8a8c85a92 100644 --- a/src/applications/config/option/PhabricatorSecurityConfigOptions.php +++ b/src/applications/config/option/PhabricatorSecurityConfigOptions.php @@ -1,308 +1,341 @@ newOption('security.alternate-file-domain', 'string', null) ->setLocked(true) ->setSummary(pht('Alternate domain to serve files from.')) ->setDescription( pht( 'By default, Phabricator serves files from the same domain '. 'the application is served from. This is convenient, but '. 'presents a security risk.'. "\n\n". 'You should configure a CDN or alternate file domain to mitigate '. 'this risk. Configuring a CDN will also improve performance. See '. '[[ %s | %s ]] for instructions.', $doc_href, $doc_name)) ->addExample('https://files.phabcdn.net/', pht('Valid Setting')), $this->newOption( 'security.hmac-key', 'string', '[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw') ->setHidden(true) ->setSummary( pht('Key for HMAC digests.')) ->setDescription( pht( 'Default key for HMAC digests where the key is not important '. '(i.e., the hash itself is secret). You can change this if you '. 'want (to any other string), but doing so will break existing '. 'sessions and CSRF tokens.')), $this->newOption('security.require-https', 'bool', false) ->setLocked(true) ->setSummary( pht('Force users to connect via HTTPS instead of HTTP.')) ->setDescription( pht( "If the web server responds to both HTTP and HTTPS requests but ". "you want users to connect with only HTTPS, you can set this ". "to true to make Phabricator redirect HTTP requests to HTTPS.\n\n". "Normally, you should just configure your server not to accept ". "HTTP traffic, but this setting may be useful if you originally ". "used HTTP and have now switched to HTTPS but don't want to ". "break old links, or if your webserver sits behind a load ". "balancer which terminates HTTPS connections and you can not ". "reasonably configure more granular behavior there.\n\n". "IMPORTANT: Phabricator determines if a request is HTTPS or not ". "by examining the PHP \$_SERVER['HTTPS'] variable. If you run ". "Apache/mod_php this will probably be set correctly for you ". "automatically, but if you run Phabricator as CGI/FCGI (e.g., ". "through nginx or lighttpd), you need to configure your web ". "server so that it passes the value correctly based on the ". "connection type.")) ->setBoolOptions( array( pht('Force HTTPS'), pht('Allow HTTP'), )), $this->newOption('security.require-multi-factor-auth', 'bool', false) ->setLocked(true) ->setSummary( pht('Require all users to configure multi-factor authentication.')) ->setDescription( pht( 'By default, Phabricator allows users to add multi-factor '. 'authentication to their accounts, but does not require it. '. 'By enabling this option, you can force all users to add '. 'at least one authentication factor before they can use their '. 'accounts.')) ->setBoolOptions( array( pht('Multi-Factor Required'), pht('Multi-Factor Optional'), )), $this->newOption( 'phabricator.csrf-key', 'string', '0b7ec0592e0a2829d8b71df2fa269b2c6172eca3') ->setHidden(true) ->setSummary( pht('Hashed with other inputs to generate CSRF tokens.')) ->setDescription( pht( 'This is hashed with other inputs to generate CSRF tokens. If '. 'you want, you can change it to some other string which is '. 'unique to your install. This will make your install more secure '. 'in a vague, mostly theoretical way. But it will take you like 3 '. 'seconds of mashing on your keyboard to set it up so you might '. 'as well.')), $this->newOption( 'phabricator.mail-key', 'string', '5ce3e7e8787f6e40dfae861da315a5cdf1018f12') ->setHidden(true) ->setSummary( pht('Hashed with other inputs to generate mail tokens.')) ->setDescription( pht( "This is hashed with other inputs to generate mail tokens. If ". "you want, you can change it to some other string which is ". "unique to your install. In particular, you will want to do ". "this if you accidentally send a bunch of mail somewhere you ". "shouldn't have, to invalidate all old reply-to addresses.")), $this->newOption( 'uri.allowed-protocols', 'set', array( 'http' => true, 'https' => true, 'mailto' => true, )) ->setSummary( pht('Determines which URI protocols are auto-linked.')) ->setDescription( pht( "When users write comments which have URIs, they'll be ". "automatically linked if the protocol appears in this set. This ". "whitelist is primarily to prevent security issues like ". "javascript:// URIs.")) ->addExample("http\nhttps", pht('Valid Setting')) ->setLocked(true), $this->newOption( 'uri.allowed-editor-protocols', 'set', array( 'http' => true, 'https' => true, // This handler is installed by Textmate. 'txmt' => true, // This handler is for MacVim. 'mvim' => true, // Unofficial handler for Vim. 'vim' => true, // Unofficial handler for Sublime. 'subl' => true, // Unofficial handler for Emacs. 'emacs' => true, // This isn't a standard handler installed by an application, but // is a reasonable name for a user-installed handler. 'editor' => true, )) ->setSummary(pht('Whitelists editor protocols for "Open in Editor".')) ->setDescription( pht( "Users can configure a URI pattern to open files in a text ". "editor. The URI must use a protocol on this whitelist.\n\n". "(If you use an editor which defines a protocol not on this ". "list, [[ %s | let us know ]] and we'll update the defaults.)", $support_href)) ->setLocked(true), $this->newOption( 'celerity.resource-hash', 'string', 'd9455ea150622ee044f7931dabfa52aa') ->setSummary( pht('An input to the hash function when building resource hashes.')) ->setDescription( pht( 'This value is an input to the hash function when building '. 'resource hashes. It has no security value, but if you '. 'accidentally poison user caches (by pushing a bad patch or '. 'having something go wrong with a CDN, e.g.) you can change this '. 'to something else and rebuild the Celerity map to break user '. 'caches. Unless you are doing Celerity development, it is '. 'exceptionally unlikely that you need to modify this.')), $this->newOption('remarkup.enable-embedded-youtube', 'bool', false) ->setBoolOptions( array( pht('Embed YouTube videos'), pht("Don't embed YouTube videos"), )) ->setSummary( pht('Determines whether or not YouTube videos get embedded.')) ->setDescription( pht( "If you enable this, linked YouTube videos will be embeded ". "inline. This has mild security implications (you'll leak ". "referrers to YouTube) and is pretty silly (but sort of ". "awesome).")), - $this->newOption('security.allow-outbound-http', 'bool', true) - ->setBoolOptions( - array( - pht('Allow'), - pht('Disallow'), - )) + $this->newOption( + 'security.outbound-blacklist', + 'list', + $default_address_blacklist) ->setLocked(true) ->setSummary( - pht('Allow outbound HTTP requests.')) + pht( + 'Blacklist subnets to prevent user-initiated outbound '. + 'requests.')) ->setDescription( pht( - 'If you enable this, you are allowing Phabricator to '. - 'potentially make requests to external servers.')), + 'Phabricator users can make requests to other services from '. + 'the Phabricator host in some circumstances (for example, by '. + 'creating a repository with a remote URL or having Phabricator '. + 'fetch an image from a remote server).'. + "\n\n". + 'This may represent a security vulnerability if services on '. + 'the same subnet will accept commands or reveal private '. + 'information over unauthenticated HTTP GET, based on the source '. + 'IP address. In particular, all hosts in EC2 have access to '. + 'such a service.'. + "\n\n". + 'This option defines a list of netblocks which Phabricator '. + 'will decline to connect to. Generally, you should list all '. + 'private IP space here.')) + ->addExample(array('0.0.0.0/0'), pht('No Outbound Requests')), $this->newOption('security.strict-transport-security', 'bool', false) ->setLocked(true) ->setBoolOptions( array( pht('Use HSTS'), pht('Do Not Use HSTS'), )) ->setSummary(pht('Enable HTTP Strict Transport Security (HSTS).')) ->setDescription( pht( 'HTTP Strict Transport Security (HSTS) sends a header which '. 'instructs browsers that the site should only be accessed '. 'over HTTPS, never HTTP. This defuses an attack where an '. 'adversary gains access to your network, then proxies requests '. 'through an unsecured link.'. "\n\n". 'Do not enable this option if you serve (or plan to ever serve) '. 'unsecured content over plain HTTP. It is very difficult to '. 'undo this change once users\' browsers have accepted the '. 'setting.')), $this->newOption('security.allow-conduit-act-as-user', 'bool', false) ->setBoolOptions( array( pht('Allow'), pht('Disallow'), )) ->setLocked(true) ->setSummary( pht('Allow administrators to use the Conduit API as other users.')) ->setDescription( pht( 'DEPRECATED - if you enable this, you are allowing '. 'administrators to act as any user via the Conduit API. '. 'Enabling this is not advised as it introduces a huge policy '. 'violation and has been obsoleted in functionality.')), ); } protected function didValidateOption( PhabricatorConfigOption $option, $value) { $key = $option->getKey(); if ($key == 'security.alternate-file-domain') { $uri = new PhutilURI($value); $protocol = $uri->getProtocol(); if ($protocol !== 'http' && $protocol !== 'https') { throw new PhabricatorConfigValidationException( pht( "Config option '%s' is invalid. The URI must start with ". "'http://' or 'https://'.", $key)); } $domain = $uri->getDomain(); if (strpos($domain, '.') === false) { throw new PhabricatorConfigValidationException( pht( "Config option '%s' is invalid. The URI must contain a dot ('.'), ". "like 'http://example.com/', not just a bare name like ". "'http://example/'. Some web browsers will not set cookies on ". "domains with no TLD.", $key)); } $path = $uri->getPath(); if ($path !== '' && $path !== '/') { throw new PhabricatorConfigValidationException( pht( "Config option '%s' is invalid. The URI must NOT have a path, ". "e.g. 'http://phabricator.example.com/' is OK, but ". "'http://example.com/phabricator/' is not. Phabricator must be ". "installed on an entire domain; it can not be installed on a ". "path.", $key)); } } } } diff --git a/src/applications/files/storage/PhabricatorFile.php b/src/applications/files/storage/PhabricatorFile.php index f790b2b5f5..65f606e76a 100644 --- a/src/applications/files/storage/PhabricatorFile.php +++ b/src/applications/files/storage/PhabricatorFile.php @@ -1,1312 +1,1301 @@ setViewer(PhabricatorUser::getOmnipotentUser()) ->withClasses(array('PhabricatorFilesApplication')) ->executeOne(); $view_policy = $app->getPolicy( FilesDefaultViewCapability::CAPABILITY); return id(new PhabricatorFile()) ->setViewPolicy($view_policy) ->setIsPartial(0) ->attachOriginalFile(null) ->attachObjects(array()) ->attachObjectPHIDs(array()); } protected function getConfiguration() { return array( self::CONFIG_AUX_PHID => true, self::CONFIG_SERIALIZATION => array( 'metadata' => self::SERIALIZATION_JSON, ), self::CONFIG_COLUMN_SCHEMA => array( 'name' => 'text255?', 'mimeType' => 'text255?', 'byteSize' => 'uint64', 'storageEngine' => 'text32', 'storageFormat' => 'text32', 'storageHandle' => 'text255', 'authorPHID' => 'phid?', 'secretKey' => 'bytes20?', 'contentHash' => 'bytes40?', 'ttl' => 'epoch?', 'isExplicitUpload' => 'bool?', 'mailKey' => 'bytes20', 'isPartial' => 'bool', ), self::CONFIG_KEY_SCHEMA => array( 'key_phid' => null, 'phid' => array( 'columns' => array('phid'), 'unique' => true, ), 'authorPHID' => array( 'columns' => array('authorPHID'), ), 'contentHash' => array( 'columns' => array('contentHash'), ), 'key_ttl' => array( 'columns' => array('ttl'), ), 'key_dateCreated' => array( 'columns' => array('dateCreated'), ), 'key_partial' => array( 'columns' => array('authorPHID', 'isPartial'), ), ), ) + parent::getConfiguration(); } public function generatePHID() { return PhabricatorPHID::generateNewPHID( PhabricatorFileFilePHIDType::TYPECONST); } public function save() { if (!$this->getSecretKey()) { $this->setSecretKey($this->generateSecretKey()); } if (!$this->getMailKey()) { $this->setMailKey(Filesystem::readRandomCharacters(20)); } return parent::save(); } public function getMonogram() { return 'F'.$this->getID(); } public static function readUploadedFileData($spec) { if (!$spec) { throw new Exception('No file was uploaded!'); } $err = idx($spec, 'error'); if ($err) { throw new PhabricatorFileUploadException($err); } $tmp_name = idx($spec, 'tmp_name'); $is_valid = @is_uploaded_file($tmp_name); if (!$is_valid) { throw new Exception('File is not an uploaded file.'); } $file_data = Filesystem::readFile($tmp_name); $file_size = idx($spec, 'size'); if (strlen($file_data) != $file_size) { throw new Exception('File size disagrees with uploaded size.'); } return $file_data; } public static function newFromPHPUpload($spec, array $params = array()) { $file_data = self::readUploadedFileData($spec); $file_name = nonempty( idx($params, 'name'), idx($spec, 'name')); $params = array( 'name' => $file_name, ) + $params; return self::newFromFileData($file_data, $params); } public static function newFromXHRUpload($data, array $params = array()) { return self::newFromFileData($data, $params); } /** * Given a block of data, try to load an existing file with the same content * if one exists. If it does not, build a new file. * * This method is generally used when we have some piece of semi-trusted data * like a diff or a file from a repository that we want to show to the user. * We can't just dump it out because it may be dangerous for any number of * reasons; instead, we need to serve it through the File abstraction so it * ends up on the CDN domain if one is configured and so on. However, if we * simply wrote a new file every time we'd potentially end up with a lot * of redundant data in file storage. * * To solve these problems, we use file storage as a cache and reuse the * same file again if we've previously written it. * * NOTE: This method unguards writes. * * @param string Raw file data. * @param dict Dictionary of file information. */ public static function buildFromFileDataOrHash( $data, array $params = array()) { $file = id(new PhabricatorFile())->loadOneWhere( 'name = %s AND contentHash = %s LIMIT 1', self::normalizeFileName(idx($params, 'name')), self::hashFileContent($data)); if (!$file) { $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); $file = PhabricatorFile::newFromFileData($data, $params); unset($unguarded); } return $file; } public static function newFileFromContentHash($hash, array $params) { // Check to see if a file with same contentHash exist $file = id(new PhabricatorFile())->loadOneWhere( 'contentHash = %s LIMIT 1', $hash); if ($file) { // copy storageEngine, storageHandle, storageFormat $copy_of_storage_engine = $file->getStorageEngine(); $copy_of_storage_handle = $file->getStorageHandle(); $copy_of_storage_format = $file->getStorageFormat(); $copy_of_byte_size = $file->getByteSize(); $copy_of_mime_type = $file->getMimeType(); $new_file = PhabricatorFile::initializeNewFile(); $new_file->setByteSize($copy_of_byte_size); $new_file->setContentHash($hash); $new_file->setStorageEngine($copy_of_storage_engine); $new_file->setStorageHandle($copy_of_storage_handle); $new_file->setStorageFormat($copy_of_storage_format); $new_file->setMimeType($copy_of_mime_type); $new_file->copyDimensions($file); $new_file->readPropertiesFromParameters($params); $new_file->save(); return $new_file; } return $file; } public static function newChunkedFile( PhabricatorFileStorageEngine $engine, $length, array $params) { $file = PhabricatorFile::initializeNewFile(); $file->setByteSize($length); // TODO: We might be able to test the first chunk in order to figure // this out more reliably, since MIME detection usually examines headers. // However, enormous files are probably always either actually raw data // or reasonable to treat like raw data. $file->setMimeType('application/octet-stream'); $chunked_hash = idx($params, 'chunkedHash'); if ($chunked_hash) { $file->setContentHash($chunked_hash); } else { // See PhabricatorChunkedFileStorageEngine::getChunkedHash() for some // discussion of this. $seed = Filesystem::readRandomBytes(64); $hash = PhabricatorChunkedFileStorageEngine::getChunkedHashForInput( $seed); $file->setContentHash($hash); } $file->setStorageEngine($engine->getEngineIdentifier()); $file->setStorageHandle(PhabricatorFileChunk::newChunkHandle()); $file->setStorageFormat(self::STORAGE_FORMAT_RAW); $file->setIsPartial(1); $file->readPropertiesFromParameters($params); return $file; } private static function buildFromFileData($data, array $params = array()) { if (isset($params['storageEngines'])) { $engines = $params['storageEngines']; } else { $size = strlen($data); $engines = PhabricatorFileStorageEngine::loadStorageEngines($size); if (!$engines) { throw new Exception( pht( 'No configured storage engine can store this file. See '. '"Configuring File Storage" in the documentation for '. 'information on configuring storage engines.')); } } assert_instances_of($engines, 'PhabricatorFileStorageEngine'); if (!$engines) { throw new Exception(pht('No valid storage engines are available!')); } $file = PhabricatorFile::initializeNewFile(); $data_handle = null; $engine_identifier = null; $exceptions = array(); foreach ($engines as $engine) { $engine_class = get_class($engine); try { list($engine_identifier, $data_handle) = $file->writeToEngine( $engine, $data, $params); // We stored the file somewhere so stop trying to write it to other // places. break; } catch (PhabricatorFileStorageConfigurationException $ex) { // If an engine is outright misconfigured (or misimplemented), raise // that immediately since it probably needs attention. throw $ex; } catch (Exception $ex) { phlog($ex); // If an engine doesn't work, keep trying all the other valid engines // in case something else works. $exceptions[$engine_class] = $ex; } } if (!$data_handle) { throw new PhutilAggregateException( 'All storage engines failed to write file:', $exceptions); } $file->setByteSize(strlen($data)); $file->setContentHash(self::hashFileContent($data)); $file->setStorageEngine($engine_identifier); $file->setStorageHandle($data_handle); // TODO: This is probably YAGNI, but allows for us to do encryption or // compression later if we want. $file->setStorageFormat(self::STORAGE_FORMAT_RAW); $file->readPropertiesFromParameters($params); if (!$file->getMimeType()) { $tmp = new TempFile(); Filesystem::writeFile($tmp, $data); $file->setMimeType(Filesystem::getMimeType($tmp)); } try { $file->updateDimensions(false); } catch (Exception $ex) { // Do nothing } $file->save(); return $file; } public static function newFromFileData($data, array $params = array()) { $hash = self::hashFileContent($data); $file = self::newFileFromContentHash($hash, $params); if ($file) { return $file; } return self::buildFromFileData($data, $params); } public function migrateToEngine(PhabricatorFileStorageEngine $engine) { if (!$this->getID() || !$this->getStorageHandle()) { throw new Exception( "You can not migrate a file which hasn't yet been saved."); } $data = $this->loadFileData(); $params = array( 'name' => $this->getName(), ); list($new_identifier, $new_handle) = $this->writeToEngine( $engine, $data, $params); $old_engine = $this->instantiateStorageEngine(); $old_identifier = $this->getStorageEngine(); $old_handle = $this->getStorageHandle(); $this->setStorageEngine($new_identifier); $this->setStorageHandle($new_handle); $this->save(); $this->deleteFileDataIfUnused( $old_engine, $old_identifier, $old_handle); return $this; } private function writeToEngine( PhabricatorFileStorageEngine $engine, $data, array $params) { $engine_class = get_class($engine); $data_handle = $engine->writeFile($data, $params); if (!$data_handle || strlen($data_handle) > 255) { // This indicates an improperly implemented storage engine. throw new PhabricatorFileStorageConfigurationException( "Storage engine '{$engine_class}' executed writeFile() but did ". "not return a valid handle ('{$data_handle}') to the data: it ". "must be nonempty and no longer than 255 characters."); } $engine_identifier = $engine->getEngineIdentifier(); if (!$engine_identifier || strlen($engine_identifier) > 32) { throw new PhabricatorFileStorageConfigurationException( "Storage engine '{$engine_class}' returned an improper engine ". "identifier '{$engine_identifier}': it must be nonempty ". "and no longer than 32 characters."); } return array($engine_identifier, $data_handle); } public static function newFromFileDownload($uri, array $params = array()) { - // Make sure we're allowed to make a request first - if (!PhabricatorEnv::getEnvConfig('security.allow-outbound-http')) { - throw new Exception('Outbound HTTP requests are disabled!'); - } - - $uri = new PhutilURI($uri); - - $protocol = $uri->getProtocol(); - switch ($protocol) { - case 'http': - case 'https': - break; - default: - // Make sure we are not accessing any file:// URIs or similar. - return null; - } + PhabricatorEnv::requireValidRemoteURIForFetch( + $uri, + array( + 'http', + 'https', + )); $timeout = 5; - list($file_data) = id(new HTTPSFuture($uri)) ->setTimeout($timeout) ->resolvex(); $params = $params + array( 'name' => basename($uri), ); return self::newFromFileData($file_data, $params); } public static function normalizeFileName($file_name) { $pattern = "@[\\x00-\\x19#%&+!~'\$\"\/=\\\\?<> ]+@"; $file_name = preg_replace($pattern, '_', $file_name); $file_name = preg_replace('@_+@', '_', $file_name); $file_name = trim($file_name, '_'); $disallowed_filenames = array( '.' => 'dot', '..' => 'dotdot', '' => 'file', ); $file_name = idx($disallowed_filenames, $file_name, $file_name); return $file_name; } public function delete() { // We want to delete all the rows which mark this file as the transformation // of some other file (since we're getting rid of it). We also delete all // the transformations of this file, so that a user who deletes an image // doesn't need to separately hunt down and delete a bunch of thumbnails and // resizes of it. $outbound_xforms = id(new PhabricatorFileQuery()) ->setViewer(PhabricatorUser::getOmnipotentUser()) ->withTransforms( array( array( 'originalPHID' => $this->getPHID(), 'transform' => true, ), )) ->execute(); foreach ($outbound_xforms as $outbound_xform) { $outbound_xform->delete(); } $inbound_xforms = id(new PhabricatorTransformedFile())->loadAllWhere( 'transformedPHID = %s', $this->getPHID()); $this->openTransaction(); foreach ($inbound_xforms as $inbound_xform) { $inbound_xform->delete(); } $ret = parent::delete(); $this->saveTransaction(); $this->deleteFileDataIfUnused( $this->instantiateStorageEngine(), $this->getStorageEngine(), $this->getStorageHandle()); return $ret; } /** * Destroy stored file data if there are no remaining files which reference * it. */ public function deleteFileDataIfUnused( PhabricatorFileStorageEngine $engine, $engine_identifier, $handle) { // Check to see if any files are using storage. $usage = id(new PhabricatorFile())->loadAllWhere( 'storageEngine = %s AND storageHandle = %s LIMIT 1', $engine_identifier, $handle); // If there are no files using the storage, destroy the actual storage. if (!$usage) { try { $engine->deleteFile($handle); } catch (Exception $ex) { // In the worst case, we're leaving some data stranded in a storage // engine, which is not a big deal. phlog($ex); } } } public static function hashFileContent($data) { return sha1($data); } public function loadFileData() { $engine = $this->instantiateStorageEngine(); $data = $engine->readFile($this->getStorageHandle()); switch ($this->getStorageFormat()) { case self::STORAGE_FORMAT_RAW: $data = $data; break; default: throw new Exception('Unknown storage format.'); } return $data; } /** * Return an iterable which emits file content bytes. * * @param int Offset for the start of data. * @param int Offset for the end of data. * @return Iterable Iterable object which emits requested data. */ public function getFileDataIterator($begin = null, $end = null) { $engine = $this->instantiateStorageEngine(); return $engine->getFileDataIterator($this, $begin, $end); } public function getViewURI() { if (!$this->getPHID()) { throw new Exception( 'You must save a file before you can generate a view URI.'); } return $this->getCDNURI(null); } private function getCDNURI($token) { $name = phutil_escape_uri($this->getName()); $parts = array(); $parts[] = 'file'; $parts[] = 'data'; // If this is an instanced install, add the instance identifier to the URI. // Instanced configurations behind a CDN may not be able to control the // request domain used by the CDN (as with AWS CloudFront). Embedding the // instance identity in the path allows us to distinguish between requests // originating from different instances but served through the same CDN. $instance = PhabricatorEnv::getEnvConfig('cluster.instance'); if (strlen($instance)) { $parts[] = '@'.$instance; } $parts[] = $this->getSecretKey(); $parts[] = $this->getPHID(); if ($token) { $parts[] = $token; } $parts[] = $name; $path = '/'.implode('/', $parts); // If this file is only partially uploaded, we're just going to return a // local URI to make sure that Ajax works, since the page is inevitably // going to give us an error back. if ($this->getIsPartial()) { return PhabricatorEnv::getURI($path); } else { return PhabricatorEnv::getCDNURI($path); } } /** * Get the CDN URI for this file, including a one-time-use security token. * */ public function getCDNURIWithToken() { if (!$this->getPHID()) { throw new Exception( 'You must save a file before you can generate a CDN URI.'); } return $this->getCDNURI($this->generateOneTimeToken()); } public function getInfoURI() { return '/'.$this->getMonogram(); } public function getBestURI() { if ($this->isViewableInBrowser()) { return $this->getViewURI(); } else { return $this->getInfoURI(); } } public function getDownloadURI() { $uri = id(new PhutilURI($this->getViewURI())) ->setQueryParam('download', true); return (string) $uri; } private function getTransformedURI($transform) { $parts = array(); $parts[] = 'file'; $parts[] = 'xform'; $instance = PhabricatorEnv::getEnvConfig('cluster.instance'); if (strlen($instance)) { $parts[] = '@'.$instance; } $parts[] = $transform; $parts[] = $this->getPHID(); $parts[] = $this->getSecretKey(); $path = implode('/', $parts); $path = $path.'/'; return PhabricatorEnv::getCDNURI($path); } public function getProfileThumbURI() { return $this->getTransformedURI('thumb-profile'); } public function getThumb60x45URI() { return $this->getTransformedURI('thumb-60x45'); } public function getThumb160x120URI() { return $this->getTransformedURI('thumb-160x120'); } public function getPreview100URI() { return $this->getTransformedURI('preview-100'); } public function getPreview220URI() { return $this->getTransformedURI('preview-220'); } public function getThumb220x165URI() { return $this->getTransfomredURI('thumb-220x165'); } public function getThumb280x210URI() { return $this->getTransformedURI('thumb-280x210'); } public function isViewableInBrowser() { return ($this->getViewableMimeType() !== null); } public function isViewableImage() { if (!$this->isViewableInBrowser()) { return false; } $mime_map = PhabricatorEnv::getEnvConfig('files.image-mime-types'); $mime_type = $this->getMimeType(); return idx($mime_map, $mime_type); } public function isAudio() { if (!$this->isViewableInBrowser()) { return false; } $mime_map = PhabricatorEnv::getEnvConfig('files.audio-mime-types'); $mime_type = $this->getMimeType(); return idx($mime_map, $mime_type); } public function isTransformableImage() { // NOTE: The way the 'gd' extension works in PHP is that you can install it // with support for only some file types, so it might be able to handle // PNG but not JPEG. Try to generate thumbnails for whatever we can. Setup // warns you if you don't have complete support. $matches = null; $ok = preg_match( '@^image/(gif|png|jpe?g)@', $this->getViewableMimeType(), $matches); if (!$ok) { return false; } switch ($matches[1]) { case 'jpg'; case 'jpeg': return function_exists('imagejpeg'); break; case 'png': return function_exists('imagepng'); break; case 'gif': return function_exists('imagegif'); break; default: throw new Exception('Unknown type matched as image MIME type.'); } } public static function getTransformableImageFormats() { $supported = array(); if (function_exists('imagejpeg')) { $supported[] = 'jpg'; } if (function_exists('imagepng')) { $supported[] = 'png'; } if (function_exists('imagegif')) { $supported[] = 'gif'; } return $supported; } public function instantiateStorageEngine() { return self::buildEngine($this->getStorageEngine()); } public static function buildEngine($engine_identifier) { $engines = self::buildAllEngines(); foreach ($engines as $engine) { if ($engine->getEngineIdentifier() == $engine_identifier) { return $engine; } } throw new Exception( "Storage engine '{$engine_identifier}' could not be located!"); } public static function buildAllEngines() { $engines = id(new PhutilSymbolLoader()) ->setType('class') ->setConcreteOnly(true) ->setAncestorClass('PhabricatorFileStorageEngine') ->selectAndLoadSymbols(); $results = array(); foreach ($engines as $engine_class) { $results[] = newv($engine_class['name'], array()); } return $results; } public function getViewableMimeType() { $mime_map = PhabricatorEnv::getEnvConfig('files.viewable-mime-types'); $mime_type = $this->getMimeType(); $mime_parts = explode(';', $mime_type); $mime_type = trim(reset($mime_parts)); return idx($mime_map, $mime_type); } public function getDisplayIconForMimeType() { $mime_map = PhabricatorEnv::getEnvConfig('files.icon-mime-types'); $mime_type = $this->getMimeType(); return idx($mime_map, $mime_type, 'fa-file-o'); } public function validateSecretKey($key) { return ($key == $this->getSecretKey()); } public function generateSecretKey() { return Filesystem::readRandomCharacters(20); } public function updateDimensions($save = true) { if (!$this->isViewableImage()) { throw new Exception( 'This file is not a viewable image.'); } if (!function_exists('imagecreatefromstring')) { throw new Exception( 'Cannot retrieve image information.'); } $data = $this->loadFileData(); $img = imagecreatefromstring($data); if ($img === false) { throw new Exception( 'Error when decoding image.'); } $this->metadata[self::METADATA_IMAGE_WIDTH] = imagesx($img); $this->metadata[self::METADATA_IMAGE_HEIGHT] = imagesy($img); if ($save) { $this->save(); } return $this; } public function copyDimensions(PhabricatorFile $file) { $metadata = $file->getMetadata(); $width = idx($metadata, self::METADATA_IMAGE_WIDTH); if ($width) { $this->metadata[self::METADATA_IMAGE_WIDTH] = $width; } $height = idx($metadata, self::METADATA_IMAGE_HEIGHT); if ($height) { $this->metadata[self::METADATA_IMAGE_HEIGHT] = $height; } return $this; } /** * Load (or build) the {@class:PhabricatorFile} objects for builtin file * resources. The builtin mechanism allows files shipped with Phabricator * to be treated like normal files so that APIs do not need to special case * things like default images or deleted files. * * Builtins are located in `resources/builtin/` and identified by their * name. * * @param PhabricatorUser Viewing user. * @param list List of builtin file names. * @return dict Dictionary of named builtins. */ public static function loadBuiltins(PhabricatorUser $user, array $names) { $specs = array(); foreach ($names as $name) { $specs[] = array( 'originalPHID' => PhabricatorPHIDConstants::PHID_VOID, 'transform' => 'builtin:'.$name, ); } // NOTE: Anyone is allowed to access builtin files. $files = id(new PhabricatorFileQuery()) ->setViewer(PhabricatorUser::getOmnipotentUser()) ->withTransforms($specs) ->execute(); $files = mpull($files, null, 'getName'); $root = dirname(phutil_get_library_root('phabricator')); $root = $root.'/resources/builtin/'; $build = array(); foreach ($names as $name) { if (isset($files[$name])) { continue; } // This is just a sanity check to prevent loading arbitrary files. if (basename($name) != $name) { throw new Exception("Invalid builtin name '{$name}'!"); } $path = $root.$name; if (!Filesystem::pathExists($path)) { throw new Exception("Builtin '{$path}' does not exist!"); } $data = Filesystem::readFile($path); $params = array( 'name' => $name, 'ttl' => time() + (60 * 60 * 24 * 7), 'canCDN' => true, 'builtin' => $name, ); $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); $file = PhabricatorFile::newFromFileData($data, $params); $xform = id(new PhabricatorTransformedFile()) ->setOriginalPHID(PhabricatorPHIDConstants::PHID_VOID) ->setTransform('builtin:'.$name) ->setTransformedPHID($file->getPHID()) ->save(); unset($unguarded); $file->attachObjectPHIDs(array()); $file->attachObjects(array()); $files[$name] = $file; } return $files; } /** * Convenience wrapper for @{method:loadBuiltins}. * * @param PhabricatorUser Viewing user. * @param string Single builtin name to load. * @return PhabricatorFile Corresponding builtin file. */ public static function loadBuiltin(PhabricatorUser $user, $name) { return idx(self::loadBuiltins($user, array($name)), $name); } public function getObjects() { return $this->assertAttached($this->objects); } public function attachObjects(array $objects) { $this->objects = $objects; return $this; } public function getObjectPHIDs() { return $this->assertAttached($this->objectPHIDs); } public function attachObjectPHIDs(array $object_phids) { $this->objectPHIDs = $object_phids; return $this; } public function getOriginalFile() { return $this->assertAttached($this->originalFile); } public function attachOriginalFile(PhabricatorFile $file = null) { $this->originalFile = $file; return $this; } public function getImageHeight() { if (!$this->isViewableImage()) { return null; } return idx($this->metadata, self::METADATA_IMAGE_HEIGHT); } public function getImageWidth() { if (!$this->isViewableImage()) { return null; } return idx($this->metadata, self::METADATA_IMAGE_WIDTH); } public function getCanCDN() { if (!$this->isViewableImage()) { return false; } return idx($this->metadata, self::METADATA_CAN_CDN); } public function setCanCDN($can_cdn) { $this->metadata[self::METADATA_CAN_CDN] = $can_cdn ? 1 : 0; return $this; } public function isBuiltin() { return ($this->getBuiltinName() !== null); } public function getBuiltinName() { return idx($this->metadata, self::METADATA_BUILTIN); } public function setBuiltinName($name) { $this->metadata[self::METADATA_BUILTIN] = $name; return $this; } protected function generateOneTimeToken() { $key = Filesystem::readRandomCharacters(16); // Save the new secret. $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); $token = id(new PhabricatorAuthTemporaryToken()) ->setObjectPHID($this->getPHID()) ->setTokenType(self::ONETIME_TEMPORARY_TOKEN_TYPE) ->setTokenExpires(time() + phutil_units('1 hour in seconds')) ->setTokenCode(PhabricatorHash::digest($key)) ->save(); unset($unguarded); return $key; } public function validateOneTimeToken($token_code) { $token = id(new PhabricatorAuthTemporaryTokenQuery()) ->setViewer(PhabricatorUser::getOmnipotentUser()) ->withObjectPHIDs(array($this->getPHID())) ->withTokenTypes(array(self::ONETIME_TEMPORARY_TOKEN_TYPE)) ->withExpired(false) ->withTokenCodes(array(PhabricatorHash::digest($token_code))) ->executeOne(); return $token; } /** * Write the policy edge between this file and some object. * * @param phid Object PHID to attach to. * @return this */ public function attachToObject($phid) { $edge_type = PhabricatorObjectHasFileEdgeType::EDGECONST; id(new PhabricatorEdgeEditor()) ->addEdge($phid, $edge_type, $this->getPHID()) ->save(); return $this; } /** * Remove the policy edge between this file and some object. * * @param phid Object PHID to detach from. * @return this */ public function detachFromObject($phid) { $edge_type = PhabricatorObjectHasFileEdgeType::EDGECONST; id(new PhabricatorEdgeEditor()) ->removeEdge($phid, $edge_type, $this->getPHID()) ->save(); return $this; } /** * Configure a newly created file object according to specified parameters. * * This method is called both when creating a file from fresh data, and * when creating a new file which reuses existing storage. * * @param map Bag of parameters, see @{class:PhabricatorFile} * for documentation. * @return this */ private function readPropertiesFromParameters(array $params) { $file_name = idx($params, 'name'); $file_name = self::normalizeFileName($file_name); $this->setName($file_name); $author_phid = idx($params, 'authorPHID'); $this->setAuthorPHID($author_phid); $file_ttl = idx($params, 'ttl'); $this->setTtl($file_ttl); $view_policy = idx($params, 'viewPolicy'); if ($view_policy) { $this->setViewPolicy($params['viewPolicy']); } $is_explicit = (idx($params, 'isExplicitUpload') ? 1 : 0); $this->setIsExplicitUpload($is_explicit); $can_cdn = idx($params, 'canCDN'); if ($can_cdn) { $this->setCanCDN(true); } $builtin = idx($params, 'builtin'); if ($builtin) { $this->setBuiltinName($builtin); } $mime_type = idx($params, 'mime-type'); if ($mime_type) { $this->setMimeType($mime_type); } return $this; } public function getRedirectResponse() { $uri = $this->getBestURI(); // TODO: This is a bit iffy. Sometimes, getBestURI() returns a CDN URI // (if the file is a viewable image) and sometimes a local URI (if not). // For now, just detect which one we got and configure the response // appropriately. In the long run, if this endpoint is served from a CDN // domain, we can't issue a local redirect to an info URI (which is not // present on the CDN domain). We probably never actually issue local // redirects here anyway, since we only ever transform viewable images // right now. $is_external = strlen(id(new PhutilURI($uri))->getDomain()); return id(new AphrontRedirectResponse()) ->setIsExternal($is_external) ->setURI($uri); } /* -( PhabricatorApplicationTransactionInterface )------------------------- */ public function getApplicationTransactionEditor() { return new PhabricatorFileEditor(); } public function getApplicationTransactionObject() { return $this; } public function getApplicationTransactionTemplate() { return new PhabricatorFileTransaction(); } public function willRenderTimeline( PhabricatorApplicationTransactionView $timeline, AphrontRequest $request) { return $timeline; } /* -( PhabricatorPolicyInterface Implementation )-------------------------- */ public function getCapabilities() { return array( PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_EDIT, ); } public function getPolicy($capability) { switch ($capability) { case PhabricatorPolicyCapability::CAN_VIEW: if ($this->isBuiltin()) { return PhabricatorPolicies::getMostOpenPolicy(); } return $this->getViewPolicy(); case PhabricatorPolicyCapability::CAN_EDIT: return PhabricatorPolicies::POLICY_NOONE; } } public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { $viewer_phid = $viewer->getPHID(); if ($viewer_phid) { if ($this->getAuthorPHID() == $viewer_phid) { return true; } } switch ($capability) { case PhabricatorPolicyCapability::CAN_VIEW: // If you can see the file this file is a transform of, you can see // this file. if ($this->getOriginalFile()) { return true; } // If you can see any object this file is attached to, you can see // the file. return (count($this->getObjects()) > 0); } return false; } public function describeAutomaticCapability($capability) { $out = array(); $out[] = pht('The user who uploaded a file can always view and edit it.'); switch ($capability) { case PhabricatorPolicyCapability::CAN_VIEW: $out[] = pht( 'Files attached to objects are visible to users who can view '. 'those objects.'); $out[] = pht( 'Thumbnails are visible only to users who can view the original '. 'file.'); break; } return $out; } /* -( PhabricatorSubscribableInterface Implementation )-------------------- */ public function isAutomaticallySubscribed($phid) { return ($this->authorPHID == $phid); } public function shouldShowSubscribersProperty() { return true; } public function shouldAllowSubscription($phid) { return true; } /* -( PhabricatorTokenReceiverInterface )---------------------------------- */ public function getUsersToNotifyOfTokenGiven() { return array( $this->getAuthorPHID(), ); } /* -( PhabricatorDestructibleInterface )----------------------------------- */ public function destroyObjectPermanently( PhabricatorDestructionEngine $engine) { $this->openTransaction(); $this->delete(); $this->saveTransaction(); } } diff --git a/src/applications/macro/controller/PhabricatorMacroEditController.php b/src/applications/macro/controller/PhabricatorMacroEditController.php index 77ca0c7485..e7d8d40b39 100644 --- a/src/applications/macro/controller/PhabricatorMacroEditController.php +++ b/src/applications/macro/controller/PhabricatorMacroEditController.php @@ -1,267 +1,288 @@ id = idx($data, 'id'); } public function processRequest() { $this->requireApplicationCapability( PhabricatorMacroManageCapability::CAPABILITY); $request = $this->getRequest(); $user = $request->getUser(); if ($this->id) { $macro = id(new PhabricatorMacroQuery()) ->setViewer($user) ->withIDs(array($this->id)) ->needFiles(true) ->executeOne(); if (!$macro) { return new Aphront404Response(); } } else { $macro = new PhabricatorFileImageMacro(); $macro->setAuthorPHID($user->getPHID()); } $errors = array(); $e_name = true; $e_file = null; $file = null; - $can_fetch = PhabricatorEnv::getEnvConfig('security.allow-outbound-http'); if ($request->isFormPost()) { $original = clone $macro; $new_name = null; if ($request->getBool('name_form') || !$macro->getID()) { $new_name = $request->getStr('name'); $macro->setName($new_name); if (!strlen($macro->getName())) { $errors[] = pht('Macro name is required.'); $e_name = pht('Required'); } else if (!preg_match('/^[a-z0-9:_-]{3,}\z/', $macro->getName())) { $errors[] = pht( 'Macro must be at least three characters long and contain only '. 'lowercase letters, digits, hyphens, colons and underscores.'); $e_name = pht('Invalid'); } else { $e_name = null; } } + $uri = $request->getStr('url'); + + $engine = new PhabricatorDestructionEngine(); + $file = null; if ($request->getFileExists('file')) { $file = PhabricatorFile::newFromPHPUpload( $_FILES['file'], array( 'name' => $request->getStr('name'), 'authorPHID' => $user->getPHID(), 'isExplicitUpload' => true, 'canCDN' => true, )); - } else if ($request->getStr('url') && $can_fetch) { + } else if ($uri) { try { $file = PhabricatorFile::newFromFileDownload( - $request->getStr('url'), + $uri, array( 'name' => $request->getStr('name'), - 'authorPHID' => $user->getPHID(), + 'viewPolicy' => PhabricatorPolicies::POLICY_NOONE, 'isExplicitUpload' => true, 'canCDN' => true, )); + + if (!$file->isViewableInBrowser()) { + $mime_type = $file->getMimeType(); + $engine->destroyObject($file); + $file = null; + throw new Exception( + pht( + 'The URI "%s" does not correspond to a valid image file, got '. + 'a file with MIME type "%s". You must specify the URI of a '. + 'valid image file.', + $uri, + $mime_type)); + } else { + $file + ->setAuthorPHID($user->getPHID()) + ->save(); + } + } catch (HTTPFutureHTTPResponseStatus $status) { + $errors[] = pht( + 'The URI "%s" could not be loaded, got %s error.', + $uri, + $status->getStatusCode()); } catch (Exception $ex) { - $errors[] = pht('Could not fetch URL: %s', $ex->getMessage()); + $errors[] = $ex->getMessage(); } } else if ($request->getStr('phid')) { $file = id(new PhabricatorFileQuery()) ->setViewer($user) ->withPHIDs(array($request->getStr('phid'))) ->executeOne(); } if ($file) { if (!$file->isViewableInBrowser()) { $errors[] = pht('You must upload an image.'); $e_file = pht('Invalid'); } else { $macro->setFilePHID($file->getPHID()); $macro->attachFile($file); $e_file = null; } } if (!$macro->getID() && !$file) { $errors[] = pht('You must upload an image to create a macro.'); $e_file = pht('Required'); } if (!$errors) { try { $xactions = array(); if ($new_name !== null) { $xactions[] = id(new PhabricatorMacroTransaction()) ->setTransactionType(PhabricatorMacroTransactionType::TYPE_NAME) ->setNewValue($new_name); } if ($file) { $xactions[] = id(new PhabricatorMacroTransaction()) ->setTransactionType(PhabricatorMacroTransactionType::TYPE_FILE) ->setNewValue($file->getPHID()); } $editor = id(new PhabricatorMacroEditor()) ->setActor($user) ->setContinueOnNoEffect(true) ->setContentSourceFromRequest($request); $xactions = $editor->applyTransactions($original, $xactions); $view_uri = $this->getApplicationURI('/view/'.$original->getID().'/'); return id(new AphrontRedirectResponse())->setURI($view_uri); } catch (AphrontDuplicateKeyQueryException $ex) { throw $ex; $errors[] = pht('Macro name is not unique!'); $e_name = pht('Duplicate'); } } } $current_file = null; if ($macro->getFilePHID()) { $current_file = $macro->getFile(); } $form = new AphrontFormView(); $form->addHiddenInput('name_form', 1); $form->setUser($request->getUser()); $form ->setEncType('multipart/form-data') ->appendChild( id(new AphrontFormTextControl()) ->setLabel(pht('Name')) ->setName('name') ->setValue($macro->getName()) ->setCaption( pht('This word or phrase will be replaced with the image.')) ->setError($e_name)); if (!$macro->getID()) { if ($current_file) { $current_file_view = id(new PhabricatorFileLinkView()) ->setFilePHID($current_file->getPHID()) ->setFileName($current_file->getName()) ->setFileViewable(true) ->setFileViewURI($current_file->getBestURI()) ->render(); $form->addHiddenInput('phid', $current_file->getPHID()); $form->appendChild( id(new AphrontFormMarkupControl()) ->setLabel(pht('Selected File')) ->setValue($current_file_view)); $other_label = pht('Change File'); } else { $other_label = pht('File'); } - if ($can_fetch) { - $form->appendChild( - id(new AphrontFormTextControl()) - ->setLabel(pht('URL')) - ->setName('url') - ->setValue($request->getStr('url')) - ->setError($request->getFileExists('file') ? false : $e_file)); - } + $form->appendChild( + id(new AphrontFormTextControl()) + ->setLabel(pht('URL')) + ->setName('url') + ->setValue($request->getStr('url')) + ->setError($request->getFileExists('file') ? false : $e_file)); $form->appendChild( id(new AphrontFormFileControl()) ->setLabel($other_label) ->setName('file') ->setError($request->getStr('url') ? false : $e_file)); } $view_uri = $this->getApplicationURI('/view/'.$macro->getID().'/'); if ($macro->getID()) { $cancel_uri = $view_uri; } else { $cancel_uri = $this->getApplicationURI(); } $form ->appendChild( id(new AphrontFormSubmitControl()) ->setValue(pht('Save Image Macro')) ->addCancelButton($cancel_uri)); $crumbs = $this->buildApplicationCrumbs(); if ($macro->getID()) { $title = pht('Edit Image Macro'); $crumb = pht('Edit Macro'); $crumbs->addTextCrumb(pht('Macro "%s"', $macro->getName()), $view_uri); } else { $title = pht('Create Image Macro'); $crumb = pht('Create Macro'); } $crumbs->addTextCrumb($crumb, $request->getRequestURI()); $upload = null; if ($macro->getID()) { $upload_form = id(new AphrontFormView()) ->setEncType('multipart/form-data') ->setUser($request->getUser()); - if ($can_fetch) { - $upload_form->appendChild( - id(new AphrontFormTextControl()) - ->setLabel(pht('URL')) - ->setName('url') - ->setValue($request->getStr('url'))); - } + $upload_form->appendChild( + id(new AphrontFormTextControl()) + ->setLabel(pht('URL')) + ->setName('url') + ->setValue($request->getStr('url'))); $upload_form ->appendChild( id(new AphrontFormFileControl()) ->setLabel(pht('File')) ->setName('file')) ->appendChild( id(new AphrontFormSubmitControl()) ->setValue(pht('Upload File'))); $upload = id(new PHUIObjectBoxView()) ->setHeaderText(pht('Upload New File')) ->setForm($upload_form); } $form_box = id(new PHUIObjectBoxView()) ->setHeaderText($title) ->setFormErrors($errors) ->setForm($form); return $this->buildApplicationPage( array( $crumbs, $form_box, $upload, ), array( 'title' => $title, )); } } diff --git a/src/applications/mailinglists/controller/PhabricatorMailingListsEditController.php b/src/applications/mailinglists/controller/PhabricatorMailingListsEditController.php index ec83a781a3..b6eb81a6ff 100644 --- a/src/applications/mailinglists/controller/PhabricatorMailingListsEditController.php +++ b/src/applications/mailinglists/controller/PhabricatorMailingListsEditController.php @@ -1,131 +1,131 @@ getRequest(); $viewer = $request->getUser(); $this->requireApplicationCapability( PhabricatorMailingListsManageCapability::CAPABILITY); $list_id = $request->getURIData('id'); if ($list_id) { $page_title = pht('Edit Mailing List'); $list = id(new PhabricatorMailingListQuery()) ->setViewer($viewer) ->withIDs(array($list_id)) ->executeOne(); if (!$list) { return new Aphront404Response(); } } else { $page_title = pht('Create Mailing List'); $list = new PhabricatorMetaMTAMailingList(); } $e_email = true; $e_uri = null; $e_name = true; $errors = array(); $crumbs = $this->buildApplicationCrumbs(); if ($request->isFormPost()) { $list->setName($request->getStr('name')); $list->setEmail($request->getStr('email')); $list->setURI($request->getStr('uri')); $e_email = null; $e_name = null; if (!strlen($list->getEmail())) { $e_email = pht('Required'); $errors[] = pht('Email is required.'); } if (!strlen($list->getName())) { $e_name = pht('Required'); $errors[] = pht('Name is required.'); } else if (preg_match('/[ ,]/', $list->getName())) { $e_name = pht('Invalid'); $errors[] = pht('Name must not contain spaces or commas.'); } if ($list->getURI()) { - if (!PhabricatorEnv::isValidWebResource($list->getURI())) { + if (!PhabricatorEnv::isValidRemoteURIForLink($list->getURI())) { $e_uri = pht('Invalid'); $errors[] = pht('Mailing list URI must point to a valid web page.'); } } if (!$errors) { try { $list->save(); return id(new AphrontRedirectResponse()) ->setURI($this->getApplicationURI()); } catch (AphrontDuplicateKeyQueryException $ex) { $e_email = pht('Duplicate'); $errors[] = pht('Another mailing list already uses that address.'); } } } $form = new AphrontFormView(); $form->setUser($request->getUser()); if ($list->getID()) { $form->setAction($this->getApplicationURI('/edit/'.$list->getID().'/')); } else { $form->setAction($this->getApplicationURI('/edit/')); } $form ->appendChild( id(new AphrontFormTextControl()) ->setLabel(pht('Email')) ->setName('email') ->setValue($list->getEmail()) ->setCaption(pht('Email will be delivered to this address.')) ->setError($e_email)) ->appendChild( id(new AphrontFormTextControl()) ->setLabel(pht('Name')) ->setName('name') ->setError($e_name) ->setCaption(pht('Human-readable display and autocomplete name.')) ->setValue($list->getName())) ->appendChild( id(new AphrontFormTextControl()) ->setLabel(pht('URI')) ->setName('uri') ->setError($e_uri) ->setCaption(pht('Optional link to mailing list archives or info.')) ->setValue($list->getURI())) ->appendChild( id(new AphrontFormSubmitControl()) ->setValue(pht('Save')) ->addCancelButton($this->getApplicationURI())); if ($list->getID()) { $crumbs->addTextCrumb(pht('Edit Mailing List')); } else { $crumbs->addTextCrumb(pht('Create Mailing List')); } $form_box = id(new PHUIObjectBoxView()) ->setHeaderText($page_title) ->setFormErrors($errors) ->setForm($form); return $this->buildApplicationPage( array( $crumbs, $form_box, ), array( 'title' => $page_title, )); } } diff --git a/src/applications/oauthserver/PhabricatorOAuthServer.php b/src/applications/oauthserver/PhabricatorOAuthServer.php index 049c1cd0c2..228ea8e61e 100644 --- a/src/applications/oauthserver/PhabricatorOAuthServer.php +++ b/src/applications/oauthserver/PhabricatorOAuthServer.php @@ -1,272 +1,272 @@ user) { throw new Exception('You must setUser before you can getUser!'); } return $this->user; } public function setUser(PhabricatorUser $user) { $this->user = $user; return $this; } private function getClient() { if (!$this->client) { throw new Exception('You must setClient before you can getClient!'); } return $this->client; } public function setClient(PhabricatorOAuthServerClient $client) { $this->client = $client; return $this; } /** * @task auth * @return tuple */ public function userHasAuthorizedClient(array $scope) { $authorization = id(new PhabricatorOAuthClientAuthorization())-> loadOneWhere('userPHID = %s AND clientPHID = %s', $this->getUser()->getPHID(), $this->getClient()->getPHID()); if (empty($authorization)) { return array(false, null); } if ($scope) { $missing_scope = array_diff_key($scope, $authorization->getScope()); } else { $missing_scope = false; } if ($missing_scope) { return array(false, $authorization); } return array(true, $authorization); } /** * @task auth */ public function authorizeClient(array $scope) { $authorization = new PhabricatorOAuthClientAuthorization(); $authorization->setUserPHID($this->getUser()->getPHID()); $authorization->setClientPHID($this->getClient()->getPHID()); $authorization->setScope($scope); $authorization->save(); return $authorization; } /** * @task auth */ public function generateAuthorizationCode(PhutilURI $redirect_uri) { $code = Filesystem::readRandomCharacters(32); $client = $this->getClient(); $authorization_code = new PhabricatorOAuthServerAuthorizationCode(); $authorization_code->setCode($code); $authorization_code->setClientPHID($client->getPHID()); $authorization_code->setClientSecret($client->getSecret()); $authorization_code->setUserPHID($this->getUser()->getPHID()); $authorization_code->setRedirectURI((string) $redirect_uri); $authorization_code->save(); return $authorization_code; } /** * @task token */ public function generateAccessToken() { $token = Filesystem::readRandomCharacters(32); $access_token = new PhabricatorOAuthServerAccessToken(); $access_token->setToken($token); $access_token->setUserPHID($this->getUser()->getPHID()); $access_token->setClientPHID($this->getClient()->getPHID()); $access_token->save(); return $access_token; } /** * @task token */ public function validateAuthorizationCode( PhabricatorOAuthServerAuthorizationCode $test_code, PhabricatorOAuthServerAuthorizationCode $valid_code) { // check that all the meta data matches if ($test_code->getClientPHID() != $valid_code->getClientPHID()) { return false; } if ($test_code->getClientSecret() != $valid_code->getClientSecret()) { return false; } // check that the authorization code hasn't timed out $created_time = $test_code->getDateCreated(); $must_be_used_by = $created_time + self::AUTHORIZATION_CODE_TIMEOUT; return (time() < $must_be_used_by); } /** * @task token */ public function validateAccessToken( PhabricatorOAuthServerAccessToken $token, $required_scope) { $created_time = $token->getDateCreated(); $must_be_used_by = $created_time + self::ACCESS_TOKEN_TIMEOUT; $expired = time() > $must_be_used_by; $authorization = id(new PhabricatorOAuthClientAuthorization()) ->loadOneWhere( 'userPHID = %s AND clientPHID = %s', $token->getUserPHID(), $token->getClientPHID()); if (!$authorization) { return false; } $token_scope = $authorization->getScope(); if (!isset($token_scope[$required_scope])) { return false; } $valid = true; if ($expired) { $valid = false; // check if the scope includes "offline_access", which makes the // token valid despite being expired if (isset( $token_scope[PhabricatorOAuthServerScope::SCOPE_OFFLINE_ACCESS])) { $valid = true; } } return $valid; } /** * See http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2 * for details on what makes a given redirect URI "valid". */ public function validateRedirectURI(PhutilURI $uri) { - if (!PhabricatorEnv::isValidRemoteWebResource($uri)) { + if (!PhabricatorEnv::isValidRemoteURIForLink($uri)) { return false; } if ($uri->getFragment()) { return false; } if (!$uri->getDomain()) { return false; } return true; } /** * If there's a URI specified in an OAuth request, it must be validated in * its own right. Further, it must have the same domain, the same path, the * same port, and (at least) the same query parameters as the primary URI. */ public function validateSecondaryRedirectURI( PhutilURI $secondary_uri, PhutilURI $primary_uri) { // The secondary URI must be valid. if (!$this->validateRedirectURI($secondary_uri)) { return false; } // Both URIs must point at the same domain. if ($secondary_uri->getDomain() != $primary_uri->getDomain()) { return false; } // Both URIs must have the same path if ($secondary_uri->getPath() != $primary_uri->getPath()) { return false; } // Both URIs must have the same port if ($secondary_uri->getPort() != $primary_uri->getPort()) { return false; } // Any query parameters present in the first URI must be exactly present // in the second URI. $need_params = $primary_uri->getQueryParams(); $have_params = $secondary_uri->getQueryParams(); foreach ($need_params as $key => $value) { if (!array_key_exists($key, $have_params)) { return false; } if ((string)$have_params[$key] != (string)$value) { return false; } } // If the first URI is HTTPS, the second URI must also be HTTPS. This // defuses an attack where a third party with control over the network // tricks you into using HTTP to authenticate over a link which is supposed // to be HTTPS only and sniffs all your token cookies. if (strtolower($primary_uri->getProtocol()) == 'https') { if (strtolower($secondary_uri->getProtocol()) != 'https') { return false; } } return true; } } diff --git a/src/infrastructure/env/PhabricatorEnv.php b/src/infrastructure/env/PhabricatorEnv.php index 4fd790f037..cc804b5589 100644 --- a/src/infrastructure/env/PhabricatorEnv.php +++ b/src/infrastructure/env/PhabricatorEnv.php @@ -1,731 +1,871 @@ overrideEnv('some.key', 'new-value-for-this-test'); * * // Some test which depends on the value of 'some.key'. * * } * * Your changes will persist until the `$env` object leaves scope or is * destroyed. * * You should //not// use this in normal code. * * * @task read Reading Configuration * @task uri URI Validation * @task test Unit Test Support * @task internal Internals */ final class PhabricatorEnv { private static $sourceStack; private static $repairSource; private static $overrideSource; private static $requestBaseURI; private static $cache; private static $localeCode; /** * @phutil-external-symbol class PhabricatorStartup */ public static function initializeWebEnvironment() { self::initializeCommonEnvironment(); } public static function initializeScriptEnvironment() { self::initializeCommonEnvironment(); // NOTE: This is dangerous in general, but we know we're in a script context // and are not vulnerable to CSRF. AphrontWriteGuard::allowDangerousUnguardedWrites(true); // There are several places where we log information (about errors, events, // service calls, etc.) for analysis via DarkConsole or similar. These are // useful for web requests, but grow unboundedly in long-running scripts and // daemons. Discard data as it arrives in these cases. PhutilServiceProfiler::getInstance()->enableDiscardMode(); DarkConsoleErrorLogPluginAPI::enableDiscardMode(); DarkConsoleEventPluginAPI::enableDiscardMode(); } private static function initializeCommonEnvironment() { PhutilErrorHandler::initialize(); self::buildConfigurationSourceStack(); // Force a valid timezone. If both PHP and Phabricator configuration are // invalid, use UTC. $tz = PhabricatorEnv::getEnvConfig('phabricator.timezone'); if ($tz) { @date_default_timezone_set($tz); } $ok = @date_default_timezone_set(date_default_timezone_get()); if (!$ok) { date_default_timezone_set('UTC'); } // Prepend '/support/bin' and append any paths to $PATH if we need to. $env_path = getenv('PATH'); $phabricator_path = dirname(phutil_get_library_root('phabricator')); $support_path = $phabricator_path.'/support/bin'; $env_path = $support_path.PATH_SEPARATOR.$env_path; $append_dirs = PhabricatorEnv::getEnvConfig('environment.append-paths'); if (!empty($append_dirs)) { $append_path = implode(PATH_SEPARATOR, $append_dirs); $env_path = $env_path.PATH_SEPARATOR.$append_path; } putenv('PATH='.$env_path); // Write this back into $_ENV, too, so ExecFuture picks it up when creating // subprocess environments. $_ENV['PATH'] = $env_path; // If an instance identifier is defined, write it into the environment so // it's available to subprocesses. $instance = PhabricatorEnv::getEnvConfig('cluster.instance'); if (strlen($instance)) { putenv('PHABRICATOR_INSTANCE='.$instance); $_ENV['PHABRICATOR_INSTANCE'] = $instance; } PhabricatorEventEngine::initialize(); // TODO: Add a "locale.default" config option once we have some reasonable // defaults which aren't silly nonsense. self::setLocaleCode('en_US'); } public static function setLocaleCode($locale_code) { if ($locale_code == self::$localeCode) { return; } try { $locale = PhutilLocale::loadLocale($locale_code); $translations = PhutilTranslation::getTranslationMapForLocale( $locale_code); $override = PhabricatorEnv::getEnvConfig('translation.override'); if (!is_array($override)) { $override = array(); } PhutilTranslator::getInstance() ->setLocale($locale) ->setTranslations($override + $translations); self::$localeCode = $locale_code; } catch (Exception $ex) { // Just ignore this; the user likely has an out-of-date locale code. } } private static function buildConfigurationSourceStack() { self::dropConfigCache(); $stack = new PhabricatorConfigStackSource(); self::$sourceStack = $stack; $default_source = id(new PhabricatorConfigDefaultSource()) ->setName(pht('Global Default')); $stack->pushSource($default_source); $env = self::getSelectedEnvironmentName(); if ($env) { $stack->pushSource( id(new PhabricatorConfigFileSource($env)) ->setName(pht("File '%s'", $env))); } $stack->pushSource( id(new PhabricatorConfigLocalSource()) ->setName(pht('Local Config'))); // If the install overrides the database adapter, we might need to load // the database adapter class before we can push on the database config. // This config is locked and can't be edited from the web UI anyway. foreach (PhabricatorEnv::getEnvConfig('load-libraries') as $library) { phutil_load_library($library); } // If custom libraries specify config options, they won't get default // values as the Default source has already been loaded, so we get it to // pull in all options from non-phabricator libraries now they are loaded. $default_source->loadExternalOptions(); // If this install has site config sources, load them now. $site_sources = id(new PhutilSymbolLoader()) ->setAncestorClass('PhabricatorConfigSiteSource') ->loadObjects(); $site_sources = msort($site_sources, 'getPriority'); foreach ($site_sources as $site_source) { $stack->pushSource($site_source); } try { $stack->pushSource( id(new PhabricatorConfigDatabaseSource('default')) ->setName(pht('Database'))); } catch (AphrontQueryException $exception) { // If the database is not available, just skip this configuration // source. This happens during `bin/storage upgrade`, `bin/conf` before // schema setup, etc. } } public static function repairConfig($key, $value) { if (!self::$repairSource) { self::$repairSource = id(new PhabricatorConfigDictionarySource(array())) ->setName(pht('Repaired Config')); self::$sourceStack->pushSource(self::$repairSource); } self::$repairSource->setKeys(array($key => $value)); self::dropConfigCache(); } public static function overrideConfig($key, $value) { if (!self::$overrideSource) { self::$overrideSource = id(new PhabricatorConfigDictionarySource(array())) ->setName(pht('Overridden Config')); self::$sourceStack->pushSource(self::$overrideSource); } self::$overrideSource->setKeys(array($key => $value)); self::dropConfigCache(); } public static function getUnrepairedEnvConfig($key, $default = null) { foreach (self::$sourceStack->getStack() as $source) { if ($source === self::$repairSource) { continue; } $result = $source->getKeys(array($key)); if ($result) { return $result[$key]; } } return $default; } public static function getSelectedEnvironmentName() { $env_var = 'PHABRICATOR_ENV'; $env = idx($_SERVER, $env_var); if (!$env) { $env = getenv($env_var); } if (!$env) { $env = idx($_ENV, $env_var); } if (!$env) { $root = dirname(phutil_get_library_root('phabricator')); $path = $root.'/conf/local/ENVIRONMENT'; if (Filesystem::pathExists($path)) { $env = trim(Filesystem::readFile($path)); } } return $env; } public static function calculateEnvironmentHash() { $keys = self::getKeysForConsistencyCheck(); $values = array(); foreach ($keys as $key) { $values[$key] = self::getEnvConfigIfExists($key); } return PhabricatorHash::digest(json_encode($values)); } /** * Returns a summary of non-default configuration settings to allow the * "daemons and web have different config" setup check to list divergent * keys. */ public static function calculateEnvironmentInfo() { $keys = self::getKeysForConsistencyCheck(); $info = array(); $defaults = id(new PhabricatorConfigDefaultSource())->getAllKeys(); foreach ($keys as $key) { $current = self::getEnvConfigIfExists($key); $default = idx($defaults, $key, null); if ($current !== $default) { $info[$key] = PhabricatorHash::digestForIndex(json_encode($current)); } } $keys_hash = array_keys($defaults); sort($keys_hash); $keys_hash = implode("\0", $keys_hash); $keys_hash = PhabricatorHash::digestForIndex($keys_hash); return array( 'version' => 1, 'keys' => $keys_hash, 'values' => $info, ); } /** * Compare two environment info summaries to generate a human-readable * list of discrepancies. */ public static function compareEnvironmentInfo(array $u, array $v) { $issues = array(); $uversion = idx($u, 'version'); $vversion = idx($v, 'version'); if ($uversion != $vversion) { $issues[] = pht( 'The two configurations were generated by different versions '. 'of Phabricator.'); // These may not be comparable, so stop here. return $issues; } if ($u['keys'] !== $v['keys']) { $issues[] = pht( 'The two configurations have different keys. This usually means '. 'that they are running different versions of Phabricator.'); } $uval = idx($u, 'values', array()); $vval = idx($v, 'values', array()); $all_keys = array_keys($uval + $vval); foreach ($all_keys as $key) { $uv = idx($uval, $key); $vv = idx($vval, $key); if ($uv !== $vv) { if ($uv && $vv) { $issues[] = pht( 'The configuration key "%s" is set in both configurations, but '. 'set to different values.', $key); } else { $issues[] = pht( 'The configuration key "%s" is set in only one configuration.', $key); } } } return $issues; } private static function getKeysForConsistencyCheck() { $keys = array_keys(self::getAllConfigKeys()); sort($keys); $skip_keys = self::getEnvConfig('phd.variant-config'); return array_diff($keys, $skip_keys); } /* -( Reading Configuration )---------------------------------------------- */ /** * Get the current configuration setting for a given key. * * If the key is not found, then throw an Exception. * * @task read */ public static function getEnvConfig($key) { if (isset(self::$cache[$key])) { return self::$cache[$key]; } if (array_key_exists($key, self::$cache)) { return self::$cache[$key]; } $result = self::$sourceStack->getKeys(array($key)); if (array_key_exists($key, $result)) { self::$cache[$key] = $result[$key]; return $result[$key]; } else { throw new Exception("No config value specified for key '{$key}'."); } } /** * Get the current configuration setting for a given key. If the key * does not exist, return a default value instead of throwing. This is * primarily useful for migrations involving keys which are slated for * removal. * * @task read */ public static function getEnvConfigIfExists($key, $default = null) { try { return self::getEnvConfig($key); } catch (Exception $ex) { return $default; } } /** * Get the fully-qualified URI for a path. * * @task read */ public static function getURI($path) { return rtrim(self::getAnyBaseURI(), '/').$path; } /** * Get the fully-qualified production URI for a path. * * @task read */ public static function getProductionURI($path) { // If we're passed a URI which already has a domain, simply return it // unmodified. In particular, files may have URIs which point to a CDN // domain. $uri = new PhutilURI($path); if ($uri->getDomain()) { return $path; } $production_domain = self::getEnvConfig('phabricator.production-uri'); if (!$production_domain) { $production_domain = self::getAnyBaseURI(); } return rtrim($production_domain, '/').$path; } public static function getAllowedURIs($path) { $uri = new PhutilURI($path); if ($uri->getDomain()) { return $path; } $allowed_uris = self::getEnvConfig('phabricator.allowed-uris'); $return = array(); foreach ($allowed_uris as $allowed_uri) { $return[] = rtrim($allowed_uri, '/').$path; } return $return; } /** * Get the fully-qualified production URI for a static resource path. * * @task read */ public static function getCDNURI($path) { $alt = self::getEnvConfig('security.alternate-file-domain'); if (!$alt) { $alt = self::getAnyBaseURI(); } $uri = new PhutilURI($alt); $uri->setPath($path); return (string)$uri; } /** * Get the fully-qualified production URI for a documentation resource. * * @task read */ public static function getDoclink($resource, $type = 'article') { $uri = new PhutilURI('https://secure.phabricator.com/diviner/find/'); $uri->setQueryParam('name', $resource); $uri->setQueryParam('type', $type); $uri->setQueryParam('jump', true); return (string)$uri; } /** * Build a concrete object from a configuration key. * * @task read */ public static function newObjectFromConfig($key, $args = array()) { $class = self::getEnvConfig($key); return newv($class, $args); } public static function getAnyBaseURI() { $base_uri = self::getEnvConfig('phabricator.base-uri'); if (!$base_uri) { $base_uri = self::getRequestBaseURI(); } if (!$base_uri) { throw new Exception( "Define 'phabricator.base-uri' in your configuration to continue."); } return $base_uri; } public static function getRequestBaseURI() { return self::$requestBaseURI; } public static function setRequestBaseURI($uri) { self::$requestBaseURI = $uri; } /* -( Unit Test Support )-------------------------------------------------- */ /** * @task test */ public static function beginScopedEnv() { return new PhabricatorScopedEnv(self::pushTestEnvironment()); } /** * @task test */ private static function pushTestEnvironment() { self::dropConfigCache(); $source = new PhabricatorConfigDictionarySource(array()); self::$sourceStack->pushSource($source); return spl_object_hash($source); } /** * @task test */ public static function popTestEnvironment($key) { self::dropConfigCache(); $source = self::$sourceStack->popSource(); $stack_key = spl_object_hash($source); if ($stack_key !== $key) { self::$sourceStack->pushSource($source); throw new Exception( 'Scoped environments were destroyed in a diffent order than they '. 'were initialized.'); } } /* -( URI Validation )----------------------------------------------------- */ /** - * Detect if a URI satisfies either @{method:isValidLocalWebResource} or - * @{method:isValidRemoteWebResource}, i.e. is a page on this server or the + * Detect if a URI satisfies either @{method:isValidLocalURIForLink} or + * @{method:isValidRemoteURIForLink}, i.e. is a page on this server or the * URI of some other resource which has a valid protocol. This rejects * garbage URIs and URIs with protocols which do not appear in the - * ##uri.allowed-protocols## configuration, notably 'javascript:' URIs. + * `uri.allowed-protocols` configuration, notably 'javascript:' URIs. * * NOTE: This method is generally intended to reject URIs which it may be * unsafe to put in an "href" link attribute. * * @param string URI to test. * @return bool True if the URI identifies a web resource. * @task uri */ - public static function isValidWebResource($uri) { - return self::isValidLocalWebResource($uri) || - self::isValidRemoteWebResource($uri); + public static function isValidURIForLink($uri) { + return self::isValidLocalURIForLink($uri) || + self::isValidRemoteURIForLink($uri); } /** * Detect if a URI identifies some page on this server. * * NOTE: This method is generally intended to reject URIs which it may be * unsafe to issue a "Location:" redirect to. * * @param string URI to test. * @return bool True if the URI identifies a local page. * @task uri */ - public static function isValidLocalWebResource($uri) { + public static function isValidLocalURIForLink($uri) { $uri = (string)$uri; if (!strlen($uri)) { return false; } if (preg_match('/\s/', $uri)) { // PHP hasn't been vulnerable to header injection attacks for a bunch of // years, but we can safely reject these anyway since they're never valid. return false; } // Chrome (at a minimum) interprets backslashes in Location headers and the // URL bar as forward slashes. This is probably intended to reduce user // error caused by confusion over which key is "forward slash" vs "back // slash". // // However, it means a URI like "/\evil.com" is interpreted like // "//evil.com", which is a protocol relative remote URI. // // Since we currently never generate URIs with backslashes in them, reject // these unconditionally rather than trying to figure out how browsers will // interpret them. if (preg_match('/\\\\/', $uri)) { return false; } // Valid URIs must begin with '/', followed by the end of the string or some // other non-'/' character. This rejects protocol-relative URIs like // "//evil.com/evil_stuff/". return (bool)preg_match('@^/([^/]|$)@', $uri); } /** - * Detect if a URI identifies some valid remote resource. + * Detect if a URI identifies some valid linkable remote resource. * * @param string URI to test. * @return bool True if a URI idenfies a remote resource with an allowed * protocol. * @task uri */ - public static function isValidRemoteWebResource($uri) { - $uri = (string)$uri; - - $proto = id(new PhutilURI($uri))->getProtocol(); - if (!$proto) { + public static function isValidRemoteURIForLink($uri) { + try { + self::requireValidRemoteURIForLink($uri); + return true; + } catch (Exception $ex) { return false; } + } + + + /** + * Detect if a URI identifies a valid linkable remote resource, throwing a + * detailed message if it does not. + * + * A valid linkable remote resource can be safely linked or redirected to. + * This is primarily a protocol whitelist check. + * + * @param string URI to test. + * @return void + * @task uri + */ + public static function requireValidRemoteURIForLink($uri) { + $uri = new PhutilURI($uri); + + $proto = $uri->getProtocol(); + if (!strlen($proto)) { + throw new Exception( + pht( + 'URI "%s" is not a valid linkable resource. A valid linkable '. + 'resource URI must specify a protocol.', + $uri)); + } - $allowed = self::getEnvConfig('uri.allowed-protocols'); - if (empty($allowed[$proto])) { + $protocols = self::getEnvConfig('uri.allowed-protocols'); + if (!isset($protocols[$proto])) { + throw new Exception( + pht( + 'URI "%s" is not a valid linkable resource. A valid linkable '. + 'resource URI must use one of these protocols: %s.', + $uri, + implode(', ', array_keys($protocols)))); + } + + $domain = $uri->getDomain(); + if (!strlen($domain)) { + throw new Exception( + pht( + 'URI "%s" is not a valid linkable resource. A valid linkable '. + 'resource URI must specify a domain.', + $uri)); + } + } + + + /** + * Detect if a URI identifies a valid fetchable remote resource. + * + * @param string URI to test. + * @param list Allowed protocols. + * @return bool True if the URI is a valid fetchable remote resource. + * @task uri + */ + public static function isValidRemoteURIForFetch($uri, array $protocols) { + try { + self::requireValidRemoteURIForFetch($uri, $protocols); + return true; + } catch (Exception $ex) { return false; } + } + + + /** + * Detect if a URI identifies a valid fetchable remote resource, throwing + * a detailed message if it does not. + * + * A valid fetchable remote resource can be safely fetched using a request + * originating on this server. This is a primarily an address check against + * the outbound address blacklist. + * + * @param string URI to test. + * @param list Allowed protocols. + * @return void + * @task uri + */ + public static function requireValidRemoteURIForFetch( + $uri, + array $protocols) { + + $uri = new PhutilURI($uri); + + $proto = $uri->getProtocol(); + if (!strlen($proto)) { + throw new Exception( + pht( + 'URI "%s" is not a valid fetchable resource. A valid fetchable '. + 'resource URI must specify a protocol.', + $uri)); + } + + $protocols = array_fuse($protocols); + if (!isset($protocols[$proto])) { + throw new Exception( + pht( + 'URI "%s" is not a valid fetchable resource. A valid fetchable '. + 'resource URI must use one of these protocols: %s.', + $uri, + implode(', ', array_keys($protocols)))); + } + + $domain = $uri->getDomain(); + if (!strlen($domain)) { + throw new Exception( + pht( + 'URI "%s" is not a valid fetchable resource. A valid fetchable '. + 'resource URI must specify a domain.', + $uri)); + } + + $addresses = gethostbynamel($domain); + if (!$addresses) { + throw new Exception( + pht( + 'URI "%s" is not a valid fetchable resource. The domain "%s" could '. + 'not be resolved.', + $uri, + $domain)); + } + + foreach ($addresses as $address) { + if (self::isBlacklistedOutboundAddress($address)) { + throw new Exception( + pht( + 'URI "%s" is not a valid fetchable resource. The domain "%s" '. + 'resolves to the address "%s", which is blacklisted for '. + 'outbound requests.', + $uri, + $domain, + $address)); + } + } + } + + + /** + * Determine if an IP address is in the outbound address blacklist. + * + * @param string IP address. + * @return bool True if the address is blacklisted. + */ + public static function isBlacklistedOutboundAddress($address) { + $blacklist = self::getEnvConfig('security.outbound-blacklist'); - return true; + return PhutilCIDRList::newList($blacklist)->containsAddress($address); } public static function isClusterRemoteAddress() { $address = idx($_SERVER, 'REMOTE_ADDR'); if (!$address) { throw new Exception( pht( 'Unable to test remote address against cluster whitelist: '. 'REMOTE_ADDR is not defined.')); } return self::isClusterAddress($address); } public static function isClusterAddress($address) { $cluster_addresses = PhabricatorEnv::getEnvConfig('cluster.addresses'); if (!$cluster_addresses) { throw new Exception( pht( 'Phabricator is not configured to serve cluster requests. '. 'Set `cluster.addresses` in the configuration to whitelist '. 'cluster hosts before sending requests that use a cluster '. 'authentication mechanism.')); } return PhutilCIDRList::newList($cluster_addresses) ->containsAddress($address); } /* -( Internals )---------------------------------------------------------- */ /** * @task internal */ public static function envConfigExists($key) { return array_key_exists($key, self::$sourceStack->getKeys(array($key))); } /** * @task internal */ public static function getAllConfigKeys() { return self::$sourceStack->getAllKeys(); } public static function getConfigSourceStack() { return self::$sourceStack; } /** * @task internal */ public static function overrideTestEnvConfig($stack_key, $key, $value) { $tmp = array(); // If we don't have the right key, we'll throw when popping the last // source off the stack. do { $source = self::$sourceStack->popSource(); array_unshift($tmp, $source); if (spl_object_hash($source) == $stack_key) { $source->setKeys(array($key => $value)); break; } } while (true); foreach ($tmp as $source) { self::$sourceStack->pushSource($source); } self::dropConfigCache(); } private static function dropConfigCache() { self::$cache = array(); } } diff --git a/src/infrastructure/env/__tests__/PhabricatorEnvTestCase.php b/src/infrastructure/env/__tests__/PhabricatorEnvTestCase.php index a34b37ae72..e363cf2fb1 100644 --- a/src/infrastructure/env/__tests__/PhabricatorEnvTestCase.php +++ b/src/infrastructure/env/__tests__/PhabricatorEnvTestCase.php @@ -1,177 +1,220 @@ true, '/D123' => true, '/path/to/something/' => true, "/path/to/\nHeader: x" => false, 'http://evil.com/' => false, '//evil.com/evil/' => false, 'javascript:lol' => false, '' => false, null => false, '/\\evil.com' => false, ); foreach ($map as $uri => $expect) { $this->assertEqual( $expect, - PhabricatorEnv::isValidLocalWebResource($uri), + PhabricatorEnv::isValidLocalURIForLink($uri), "Valid local resource: {$uri}"); } } - public function testRemoteWebResource() { + public function testRemoteURIForLink() { $map = array( - 'http://example.com/' => true, - 'derp://example.com/' => false, - 'javascript:alert(1)' => false, + 'http://example.com/' => true, + 'derp://example.com/' => false, + 'javascript:alert(1)' => false, + 'http://127.0.0.1/' => true, + 'http://169.254.169.254/latest/meta-data/hostname' => true, ); foreach ($map as $uri => $expect) { $this->assertEqual( $expect, - PhabricatorEnv::isValidRemoteWebResource($uri), - "Valid remote resource: {$uri}"); + PhabricatorEnv::isValidRemoteURIForLink($uri), + "Valid linkable remote URI: {$uri}"); + } + } + + public function testRemoteURIForFetch() { + $map = array( + 'http://example.com/' => true, + + // No domain or protocol. + '' => false, + + // No domain. + 'http://' => false, + + // No protocol. + 'evil.com' => false, + + // No protocol. + '//evil.com' => false, + + // Bad protocol. + 'javascript://evil.com/' => false, + 'file:///etc/shadow' => false, + + // Unresolvable hostname. + 'http://u1VcxwUp368SIFzl7rkWWg23KM5JPB2kTHHngxjXCQc.zzz/' => false, + + // Domains explicitly in blacklisted IP space. + 'http://127.0.0.1/' => false, + 'http://169.254.169.254/latest/meta-data/hostname' => false, + + // Domain resolves into blacklisted IP space. + 'http://localhost/' => false, + ); + + $protocols = array('http', 'https'); + + foreach ($map as $uri => $expect) { + $this->assertEqual( + $expect, + PhabricatorEnv::isValidRemoteURIForFetch($uri, $protocols), + "Valid fetchable remote URI: {$uri}"); } } public function testDictionarySource() { $source = new PhabricatorConfigDictionarySource(array('x' => 1)); $this->assertEqual( array( 'x' => 1, ), $source->getKeys(array('x', 'z'))); $source->setKeys(array('z' => 2)); $this->assertEqual( array( 'x' => 1, 'z' => 2, ), $source->getKeys(array('x', 'z'))); $source->setKeys(array('x' => 3)); $this->assertEqual( array( 'x' => 3, 'z' => 2, ), $source->getKeys(array('x', 'z'))); $source->deleteKeys(array('x')); $this->assertEqual( array( 'z' => 2, ), $source->getKeys(array('x', 'z'))); } public function testStackSource() { $s1 = new PhabricatorConfigDictionarySource(array('x' => 1)); $s2 = new PhabricatorConfigDictionarySource(array('x' => 2)); $stack = new PhabricatorConfigStackSource(); $this->assertEqual(array(), $stack->getKeys(array('x'))); $stack->pushSource($s1); $this->assertEqual(array('x' => 1), $stack->getKeys(array('x'))); $stack->pushSource($s2); $this->assertEqual(array('x' => 2), $stack->getKeys(array('x'))); $stack->setKeys(array('x' => 3)); $this->assertEqual(array('x' => 3), $stack->getKeys(array('x'))); $stack->popSource(); $this->assertEqual(array('x' => 1), $stack->getKeys(array('x'))); $stack->popSource(); $this->assertEqual(array(), $stack->getKeys(array('x'))); $caught = null; try { $stack->popSource(); } catch (Exception $ex) { $caught = $ex; } $this->assertTrue($caught instanceof Exception); } public function testOverrides() { $outer = PhabricatorEnv::beginScopedEnv(); $outer->overrideEnvConfig('test.value', 1); $this->assertEqual(1, PhabricatorEnv::getEnvConfig('test.value')); $inner = PhabricatorEnv::beginScopedEnv(); $inner->overrideEnvConfig('test.value', 2); $this->assertEqual(2, PhabricatorEnv::getEnvConfig('test.value')); if (phutil_is_hiphop_runtime()) { $inner->__destruct(); } unset($inner); $this->assertEqual(1, PhabricatorEnv::getEnvConfig('test.value')); if (phutil_is_hiphop_runtime()) { $outer->__destruct(); } unset($outer); } public function testOverrideOrder() { $outer = PhabricatorEnv::beginScopedEnv(); $inner = PhabricatorEnv::beginScopedEnv(); $caught = null; try { $outer->__destruct(); } catch (Exception $ex) { $caught = $ex; } $this->assertTrue( $caught instanceof Exception, 'Destroying a scoped environment which is not on the top of the stack '. 'should throw.'); if (phutil_is_hiphop_runtime()) { $inner->__destruct(); } unset($inner); if (phutil_is_hiphop_runtime()) { $outer->__destruct(); } unset($outer); } public function testGetEnvExceptions() { $caught = null; try { PhabricatorEnv::getEnvConfig('not.a.real.config.option'); } catch (Exception $ex) { $caught = $ex; } $this->assertTrue($caught instanceof Exception); $caught = null; try { PhabricatorEnv::getEnvConfig('test.value'); } catch (Exception $ex) { $caught = $ex; } $this->assertFalse($caught instanceof Exception); } } diff --git a/src/infrastructure/markup/rule/PhabricatorNavigationRemarkupRule.php b/src/infrastructure/markup/rule/PhabricatorNavigationRemarkupRule.php index 2f32950f4e..03c9b320a0 100644 --- a/src/infrastructure/markup/rule/PhabricatorNavigationRemarkupRule.php +++ b/src/infrastructure/markup/rule/PhabricatorNavigationRemarkupRule.php @@ -1,112 +1,112 @@ isFlatText($matches[0])) { return $matches[0]; } $elements = ltrim($matches[1], ", \n"); $elements = explode('>', $elements); $defaults = array( 'name' => null, 'type' => 'link', 'href' => null, 'icon' => null, ); $sequence = array(); $parser = new PhutilSimpleOptions(); foreach ($elements as $element) { if (strpos($element, '=') === false) { $sequence[] = array( 'name' => trim($element), ) + $defaults; } else { $sequence[] = $parser->parse($element) + $defaults; } } if ($this->getEngine()->isTextMode()) { return implode(' > ', ipull($sequence, 'name')); } static $icon_names; if (!$icon_names) { $icon_names = array_fuse(PHUIIconView::getFontIcons()); } $out = array(); foreach ($sequence as $item) { $item_name = $item['name']; $item_color = PHUITagView::COLOR_GREY; if ($item['type'] == 'instructions') { $item_name = phutil_tag('em', array(), $item_name); $item_color = PHUITagView::COLOR_INDIGO; } $tag = id(new PHUITagView()) ->setType(PHUITagView::TYPE_SHADE) ->setShade($item_color) ->setName($item_name); if ($item['icon']) { $icon_name = 'fa-'.$item['icon']; if (isset($icon_names[$icon_name])) { $tag->setIcon($icon_name); } } if ($item['href'] !== null) { - if (PhabricatorEnv::isValidWebResource($item['href'])) { + if (PhabricatorEnv::isValidRemoteURIForLink($item['href'])) { $tag->setHref($item['href']); $tag->setExternal(true); } } $out[] = $tag; } if ($this->getEngine()->isHTMLMailMode()) { $arrow_attr = array( 'style' => 'color: #92969D;', ); $nav_attr = array(); } else { $arrow_attr = array( 'class' => 'remarkup-nav-sequence-arrow', ); $nav_attr = array( 'class' => 'remarkup-nav-sequence', ); } $joiner = phutil_tag( 'span', $arrow_attr, " \xE2\x86\x92 "); $out = phutil_implode_html($joiner, $out); $out = phutil_tag( 'span', $nav_attr, $out); return $this->getEngine()->storeText($out); } } diff --git a/src/view/page/PhabricatorStandardPageView.php b/src/view/page/PhabricatorStandardPageView.php index 79a1a43b7c..5c5b750a20 100644 --- a/src/view/page/PhabricatorStandardPageView.php +++ b/src/view/page/PhabricatorStandardPageView.php @@ -1,629 +1,629 @@ showFooter = $show_footer; return $this; } public function getShowFooter() { return $this->showFooter; } public function setApplicationMenu(PHUIListView $application_menu) { $this->applicationMenu = $application_menu; return $this; } public function getApplicationMenu() { return $this->applicationMenu; } public function setApplicationName($application_name) { $this->applicationName = $application_name; return $this; } public function setDisableConsole($disable) { $this->disableConsole = $disable; return $this; } public function getApplicationName() { return $this->applicationName; } public function setBaseURI($base_uri) { $this->baseURI = $base_uri; return $this; } public function getBaseURI() { return $this->baseURI; } public function setShowChrome($show_chrome) { $this->showChrome = $show_chrome; return $this; } public function getShowChrome() { return $this->showChrome; } public function appendPageObjects(array $objs) { foreach ($objs as $obj) { $this->pageObjects[] = $obj; } } public function setShowDurableColumn($show) { $this->showDurableColumn = $show; return $this; } public function getShowDurableColumn() { $request = $this->getRequest(); if (!$request) { return false; } $viewer = $request->getUser(); if (!$viewer->isLoggedIn()) { return false; } $conpherence_installed = PhabricatorApplication::isClassInstalledForViewer( 'PhabricatorConpherenceApplication', $viewer); if (!$conpherence_installed) { return false; } $patterns = $this->getQuicksandURIPatternBlacklist(); $path = $request->getRequestURI()->getPath(); foreach ($patterns as $pattern) { if (preg_match('(^'.$pattern.'$)', $path)) { return false; } } return true; } public function getDurableColumnVisible() { $column_key = PhabricatorUserPreferences::PREFERENCE_CONPHERENCE_COLUMN; return (bool)$this->getUserPreference($column_key, 0); } public function getTitle() { $glyph_key = PhabricatorUserPreferences::PREFERENCE_TITLES; if ($this->getUserPreference($glyph_key) == 'text') { $use_glyph = false; } else { $use_glyph = true; } $title = parent::getTitle(); $prefix = null; if ($use_glyph) { $prefix = $this->getGlyph(); } else { $application_name = $this->getApplicationName(); if (strlen($application_name)) { $prefix = '['.$application_name.']'; } } if (strlen($prefix)) { $title = $prefix.' '.$title; } return $title; } protected function willRenderPage() { parent::willRenderPage(); if (!$this->getRequest()) { throw new Exception( pht( 'You must set the Request to render a PhabricatorStandardPageView.')); } $console = $this->getConsole(); require_celerity_resource('phabricator-core-css'); require_celerity_resource('phabricator-zindex-css'); require_celerity_resource('phui-button-css'); require_celerity_resource('phui-spacing-css'); require_celerity_resource('phui-form-css'); require_celerity_resource('sprite-gradient-css'); require_celerity_resource('phabricator-standard-page-view'); require_celerity_resource('conpherence-durable-column-view'); Javelin::initBehavior('workflow', array()); $request = $this->getRequest(); $user = null; if ($request) { $user = $request->getUser(); } if ($user) { $default_img_uri = celerity_get_resource_uri( 'rsrc/image/icon/fatcow/document_black.png'); $download_form = phabricator_form( $user, array( 'action' => '#', 'method' => 'POST', 'class' => 'lightbox-download-form', 'sigil' => 'download', ), phutil_tag( 'button', array(), pht('Download'))); Javelin::initBehavior( 'lightbox-attachments', array( 'defaultImageUri' => $default_img_uri, 'downloadForm' => $download_form, )); } Javelin::initBehavior('aphront-form-disable-on-submit'); Javelin::initBehavior('toggle-class', array()); Javelin::initBehavior('history-install'); Javelin::initBehavior('phabricator-gesture'); $current_token = null; if ($user) { $current_token = $user->getCSRFToken(); } Javelin::initBehavior( 'refresh-csrf', array( 'tokenName' => AphrontRequest::getCSRFTokenName(), 'header' => AphrontRequest::getCSRFHeaderName(), 'current' => $current_token, )); Javelin::initBehavior('device'); if ($user->hasSession()) { $hisec = ($user->getSession()->getHighSecurityUntil() - time()); if ($hisec > 0) { $remaining_time = phutil_format_relative_time($hisec); Javelin::initBehavior( 'high-security-warning', array( 'uri' => '/auth/session/downgrade/', 'message' => pht( 'Your session is in high security mode. When you '. 'finish using it, click here to leave.', $remaining_time), )); } } if ($console) { require_celerity_resource('aphront-dark-console-css'); $headers = array(); if (DarkConsoleXHProfPluginAPI::isProfilerStarted()) { $headers[DarkConsoleXHProfPluginAPI::getProfilerHeader()] = 'page'; } if (DarkConsoleServicesPlugin::isQueryAnalyzerRequested()) { $headers[DarkConsoleServicesPlugin::getQueryAnalyzerHeader()] = true; } Javelin::initBehavior( 'dark-console', array( // NOTE: We use a generic label here to prevent input reflection // and mitigate compression attacks like BREACH. See discussion in // T3684. 'uri' => pht('Main Request'), 'selected' => $user ? $user->getConsoleTab() : null, 'visible' => $user ? (int)$user->getConsoleVisible() : true, 'headers' => $headers, )); // Change this to initBehavior when there is some behavior to initialize require_celerity_resource('javelin-behavior-error-log'); } if ($user) { $viewer = $user; } else { $viewer = new PhabricatorUser(); } $menu = id(new PhabricatorMainMenuView()) ->setUser($viewer); if ($this->getController()) { $menu->setController($this->getController()); } if ($this->getApplicationMenu()) { $menu->setApplicationMenu($this->getApplicationMenu()); } $this->menuContent = $menu->render(); } protected function getHead() { $monospaced = PhabricatorEnv::getEnvConfig('style.monospace'); $monospaced_win = PhabricatorEnv::getEnvConfig('style.monospace.windows'); $request = $this->getRequest(); if ($request) { $user = $request->getUser(); if ($user) { $pref = $user->loadPreferences()->getPreference( PhabricatorUserPreferences::PREFERENCE_MONOSPACED); $monospaced = nonempty($pref, $monospaced); $monospaced_win = nonempty($pref, $monospaced_win); } } $response = CelerityAPI::getStaticResourceResponse(); $font_css = null; if (!empty($monospaced)) { $font_css = hsprintf( '', $monospaced); } $font_css_win = null; if (!empty($monospaced_win)) { $font_css_win = hsprintf( '', $monospaced_win); } return hsprintf( '%s%s%s%s', parent::getHead(), $font_css, $font_css_win, $response->renderSingleResource('javelin-magical-init', 'phabricator')); } public function setGlyph($glyph) { $this->glyph = $glyph; return $this; } public function getGlyph() { return $this->glyph; } protected function willSendResponse($response) { $request = $this->getRequest(); $response = parent::willSendResponse($response); $console = $request->getApplicationConfiguration()->getConsole(); if ($console) { $response = PhutilSafeHTML::applyFunction( 'str_replace', hsprintf(''), $console->render($request), $response); } return $response; } protected function getBody() { $user = null; $request = $this->getRequest(); if ($request) { $user = $request->getUser(); } $header_chrome = null; if ($this->getShowChrome()) { $header_chrome = $this->menuContent; } $developer_warning = null; if (PhabricatorEnv::getEnvConfig('phabricator.developer-mode') && DarkConsoleErrorLogPluginAPI::getErrors()) { $developer_warning = phutil_tag_div( 'aphront-developer-error-callout', pht( 'This page raised PHP errors. Find them in DarkConsole '. 'or the error log.')); } // Render the "you have unresolved setup issues..." warning. $setup_warning = null; if ($user && $user->getIsAdmin()) { $open = PhabricatorSetupCheck::getOpenSetupIssueKeys(); if ($open) { $setup_warning = phutil_tag_div( 'setup-warning-callout', phutil_tag( 'a', array( 'href' => '/config/issue/', 'title' => implode(', ', $open), ), pht('You have %d unresolved setup issue(s)...', count($open)))); } } Javelin::initBehavior( 'scrollbar', array( 'nodeID' => 'phabricator-standard-page', 'isMainContent' => true, )); $main_page = phutil_tag( 'div', array( 'id' => 'phabricator-standard-page', 'class' => 'phabricator-standard-page', ), array( $developer_warning, $setup_warning, $header_chrome, phutil_tag( 'div', array( 'id' => 'phabricator-standard-page-body', 'class' => 'phabricator-standard-page-body', ), $this->renderPageBodyContent()), )); $durable_column = null; if ($this->getShowDurableColumn()) { $is_visible = $this->getDurableColumnVisible(); $durable_column = id(new ConpherenceDurableColumnView()) ->setSelectedConpherence(null) ->setUser($user) ->setVisible($is_visible) ->setInitialLoad(true); } Javelin::initBehavior('quicksand-blacklist', array( 'patterns' => $this->getQuicksandURIPatternBlacklist(), )); return phutil_tag( 'div', array( 'class' => 'main-page-frame', ), array( $main_page, $durable_column, )); } private function renderPageBodyContent() { $console = $this->getConsole(); return array( ($console ? hsprintf('') : null), parent::getBody(), $this->renderFooter(), ); } protected function getTail() { $request = $this->getRequest(); $user = $request->getUser(); $tail = array( parent::getTail(), ); $response = CelerityAPI::getStaticResourceResponse(); if (PhabricatorEnv::getEnvConfig('notification.enabled')) { if ($user && $user->isLoggedIn()) { $client_uri = PhabricatorEnv::getEnvConfig('notification.client-uri'); $client_uri = new PhutilURI($client_uri); if ($client_uri->getDomain() == 'localhost') { $this_host = $this->getRequest()->getHost(); $this_host = new PhutilURI('http://'.$this_host.'/'); $client_uri->setDomain($this_host->getDomain()); } $subscriptions = $this->pageObjects; if ($user) { $subscriptions[] = $user->getPHID(); } if ($request->isHTTPS()) { $client_uri->setProtocol('wss'); } else { $client_uri->setProtocol('ws'); } Javelin::initBehavior( 'aphlict-listen', array( 'websocketURI' => (string)$client_uri, 'pageObjects' => array_fill_keys($this->pageObjects, true), 'subscriptions' => $subscriptions, )); } } $tail[] = $response->renderHTMLFooter(); return $tail; } protected function getBodyClasses() { $classes = array(); if (!$this->getShowChrome()) { $classes[] = 'phabricator-chromeless-page'; } $agent = AphrontRequest::getHTTPHeader('User-Agent'); // Try to guess the device resolution based on UA strings to avoid a flash // of incorrectly-styled content. $device_guess = 'device-desktop'; if (preg_match('@iPhone|iPod|(Android.*Chrome/[.0-9]* Mobile)@', $agent)) { $device_guess = 'device-phone device'; } else if (preg_match('@iPad|(Android.*Chrome/)@', $agent)) { $device_guess = 'device-tablet device'; } $classes[] = $device_guess; if (preg_match('@Windows@', $agent)) { $classes[] = 'platform-windows'; } else if (preg_match('@Macintosh@', $agent)) { $classes[] = 'platform-mac'; } else if (preg_match('@X11@', $agent)) { $classes[] = 'platform-linux'; } if ($this->getRequest()->getStr('__print__')) { $classes[] = 'printable'; } if ($this->getRequest()->getStr('__aural__')) { $classes[] = 'audible'; } return implode(' ', $classes); } private function getConsole() { if ($this->disableConsole) { return null; } return $this->getRequest()->getApplicationConfiguration()->getConsole(); } private function renderFooter() { if (!$this->getShowChrome()) { return null; } if (!$this->getShowFooter()) { return null; } $items = PhabricatorEnv::getEnvConfig('ui.footer-items'); if (!$items) { return null; } $foot = array(); foreach ($items as $item) { $name = idx($item, 'name', pht('Unnamed Footer Item')); $href = idx($item, 'href'); - if (!PhabricatorEnv::isValidWebResource($href)) { + if (!PhabricatorEnv::isValidURIForLink($href)) { $href = null; } if ($href !== null) { $tag = 'a'; } else { $tag = 'span'; } $foot[] = phutil_tag( $tag, array( 'href' => $href, ), $name); } $foot = phutil_implode_html(" \xC2\xB7 ", $foot); return phutil_tag( 'div', array( 'class' => 'phabricator-standard-page-footer grouped', ), $foot); } public function renderForQuicksand() { // TODO: We could run a lighter version of this and skip some work. In // particular, we end up including many redundant resources. $this->willRenderPage(); $response = $this->renderPageBodyContent(); $response = $this->willSendResponse($response); return array( 'content' => hsprintf('%s', $response), ); } private function getQuicksandURIPatternBlacklist() { $applications = PhabricatorApplication::getAllApplications(); $blacklist = array(); foreach ($applications as $application) { $blacklist[] = $application->getQuicksandURIPatternBlacklist(); } return array_mergev($blacklist); } private function getUserPreference($key, $default = null) { $request = $this->getRequest(); if (!$request) { return $default; } $user = $request->getUser(); if (!$user) { return $default; } return $user->loadPreferences()->getPreference($key, $default); } }