Validate::uri replaced with filter_var for HTTP[S] URL checks
Also, a bug in checking the OAuth callback URL for validity was fixed, where it referenced the wrong variable when going through form data.
This commit is contained in:
Mikael Nordfeldth
parent
2c0790be54
commit
8912cdc7a4
|
|
@ -152,9 +152,7 @@ class ApiAccountRegisterAction extends ApiAction
|
|||
// TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
|
||||
$this->clientError(_('Email address already exists.'),404,'json');
|
||||
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
||||
!Validate::uri($homepage,
|
||||
array('allowed_schemes' =>
|
||||
array('http', 'https')))) {
|
||||
!common_valid_http_url($homepage)) {
|
||||
// TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
|
||||
$this->clientError(_('Homepage is not a valid URL.'),404,'json');
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -45,23 +45,18 @@ class ApiCheckHubAction extends ApiAuthAction
|
|||
{
|
||||
parent::prepare($args);
|
||||
|
||||
$this->url = urldecode($args['url']);
|
||||
|
||||
if (!$this->url) {
|
||||
$this->url = urldecode($args['url']);
|
||||
|
||||
if (empty($this->url)) {
|
||||
$this->clientError(_('No URL.'), 403, 'json');
|
||||
return;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (!Validate::uri(
|
||||
$this->url, array(
|
||||
'allowed_schemes' =>
|
||||
array('http', 'https')
|
||||
)
|
||||
)) {
|
||||
if (!common_valid_http_url($this->url)) {
|
||||
$this->clientError(_('Invalid URL.'), 403, 'json');
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -165,15 +165,9 @@ class ApiGroupCreateAction extends ApiAuthAction
|
|||
);
|
||||
return false;
|
||||
|
||||
} elseif (
|
||||
!is_null($this->homepage)
|
||||
&& strlen($this->homepage) > 0
|
||||
&& !Validate::uri(
|
||||
$this->homepage, array(
|
||||
'allowed_schemes' =>
|
||||
array('http', 'https')
|
||||
)
|
||||
)) {
|
||||
} elseif (!is_null($this->homepage)
|
||||
&& strlen($this->homepage) > 0
|
||||
&& !common_valid_http_url($this->homepage)) {
|
||||
$this->clientError(
|
||||
// TRANS: Client error in form for group creation.
|
||||
_('Homepage is not a valid URL.'),
|
||||
|
|
|
|||
|
|
@ -267,13 +267,8 @@ class ApiGroupProfileUpdateAction extends ApiAuthAction
|
|||
function validateHomepage()
|
||||
{
|
||||
if (!is_null($this->homepage)
|
||||
&& (strlen($this->homepage) > 0)
|
||||
&& !Validate::uri(
|
||||
$this->homepage,
|
||||
array('allowed_schemes' => array('http', 'https')
|
||||
)
|
||||
)
|
||||
) {
|
||||
&& (strlen($this->homepage) > 0)
|
||||
&& !common_valid_http_url($this->homepage)) {
|
||||
throw new ApiValidationException(
|
||||
// TRANS: API validation exception thrown when homepage URL does not validate.
|
||||
_('Homepage is not a valid URL.')
|
||||
|
|
|
|||
|
|
@ -146,7 +146,7 @@ class ApiOAuthRequestTokenAction extends ApiOAuthAction
|
|||
|
||||
return true;
|
||||
} else {
|
||||
return Validate::uri($callback);
|
||||
return common_valid_http_url($callback);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -210,12 +210,10 @@ class EditApplicationAction extends Action
|
|||
$this->showForm(_('Source URL is too long.'));
|
||||
return;
|
||||
} elseif ((mb_strlen($source_url) > 0)
|
||||
&& !Validate::uri($source_url,
|
||||
array('allowed_schemes' => array('http', 'https'))))
|
||||
{
|
||||
// TRANS: Validation error shown when providing an invalid source URL in the "Edit application" form.
|
||||
$this->showForm(_('Source URL is not valid.'));
|
||||
return;
|
||||
&& !common_valid_http_url($source_url)) {
|
||||
// TRANS: Validation error shown when providing an invalid source URL in the "Edit application" form.
|
||||
$this->showForm(_('Source URL is not valid.'));
|
||||
return;
|
||||
} elseif (empty($organization)) {
|
||||
// TRANS: Validation error shown when not providing an organisation in the "Edit application" form.
|
||||
$this->showForm(_('Organization is required.'));
|
||||
|
|
@ -229,25 +227,20 @@ class EditApplicationAction extends Action
|
|||
$this->showForm(_('Organization homepage is required.'));
|
||||
return;
|
||||
} elseif ((mb_strlen($homepage) > 0)
|
||||
&& !Validate::uri($homepage,
|
||||
array('allowed_schemes' => array('http', 'https'))))
|
||||
{
|
||||
// TRANS: Validation error shown when providing an invalid homepage URL in the "Edit application" form.
|
||||
$this->showForm(_('Homepage is not a valid URL.'));
|
||||
return;
|
||||
} elseif (mb_strlen($callback_url) > 255) {
|
||||
// TRANS: Validation error shown when providing too long a callback URL in the "Edit application" form.
|
||||
$this->showForm(_('Callback is too long.'));
|
||||
return;
|
||||
} elseif (mb_strlen($callback_url) > 0
|
||||
&& !Validate::uri($source_url,
|
||||
array('allowed_schemes' => array('http', 'https'))
|
||||
))
|
||||
{
|
||||
// TRANS: Validation error shown when providing an invalid callback URL in the "Edit application" form.
|
||||
$this->showForm(_('Callback URL is not valid.'));
|
||||
return;
|
||||
}
|
||||
&& !common_valid_http_url($homepage)) {
|
||||
// TRANS: Validation error shown when providing an invalid homepage URL in the "Edit application" form.
|
||||
$this->showForm(_('Homepage is not a valid URL.'));
|
||||
return;
|
||||
} elseif (mb_strlen($callback_url) > 255) {
|
||||
// TRANS: Validation error shown when providing too long a callback URL in the "Edit application" form.
|
||||
$this->showForm(_('Callback is too long.'));
|
||||
return;
|
||||
} elseif (mb_strlen($callback_url) > 0
|
||||
&& !common_valid_http_url($callback_url)) {
|
||||
// TRANS: Validation error shown when providing an invalid callback URL in the "Edit application" form.
|
||||
$this->showForm(_('Callback URL is not valid.'));
|
||||
return;
|
||||
}
|
||||
|
||||
$cur = common_current_user();
|
||||
|
||||
|
|
|
|||
|
|
@ -198,9 +198,7 @@ class EditgroupAction extends GroupAction
|
|||
$this->showForm(_('Not a valid nickname.'));
|
||||
return;
|
||||
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
||||
!Validate::uri($homepage,
|
||||
array('allowed_schemes' =>
|
||||
array('http', 'https')))) {
|
||||
!common_valid_http_url($homepage)) {
|
||||
// TRANS: Group edit form validation error.
|
||||
$this->showForm(_('Homepage is not a valid URL.'));
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -155,18 +155,14 @@ class LicenseadminpanelAction extends AdminPanelAction
|
|||
);
|
||||
}
|
||||
|
||||
// make sure the license URL and license image URL are valid URLs
|
||||
|
||||
$options = array('allowed_schemes' => array('http', 'https'));
|
||||
|
||||
// URLs should be set for cc license
|
||||
|
||||
if ($values['license']['type'] == 'cc') {
|
||||
if (!Validate::uri($values['license']['url'], $options)) {
|
||||
if (!common_valid_http_url($values['license']['url'])) {
|
||||
// TRANS: Client error displayed specifying an invalid license URL in the license admin panel.
|
||||
$this->clientError(_('Invalid license URL.'));
|
||||
}
|
||||
if (!Validate::uri($values['license']['image'], $options)) {
|
||||
if (!common_valid_http_url($values['license']['image'])) {
|
||||
// TRANS: Client error displayed specifying an invalid license image URL in the license admin panel.
|
||||
$this->clientError(_('Invalid license image URL.'));
|
||||
}
|
||||
|
|
@ -175,7 +171,7 @@ class LicenseadminpanelAction extends AdminPanelAction
|
|||
// can be either blank or a valid URL for private & allrightsreserved
|
||||
|
||||
if (!empty($values['license']['url'])) {
|
||||
if (!Validate::uri($values['license']['url'], $options)) {
|
||||
if (!common_valid_http_url($values['license']['url'])) {
|
||||
// TRANS: Client error displayed specifying an invalid license URL in the license admin panel.
|
||||
$this->clientError(_('License URL must be blank or a valid URL.'));
|
||||
}
|
||||
|
|
@ -184,7 +180,7 @@ class LicenseadminpanelAction extends AdminPanelAction
|
|||
// can be either blank or a valid URL for private & allrightsreserved
|
||||
|
||||
if (!empty($values['license']['image'])) {
|
||||
if (!Validate::uri($values['license']['image'], $options)) {
|
||||
if (!common_valid_http_url($values['license']['image'])) {
|
||||
// TRANS: Client error displayed specifying an invalid license image URL in the license admin panel.
|
||||
$this->clientError(_('License image must be blank or valid URL.'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -122,12 +122,7 @@ class NewApplicationAction extends FormAction
|
|||
} elseif (empty($source_url)) {
|
||||
// TRANS: Validation error shown when not providing a source URL in the "New application" form.
|
||||
$this->clientError(_('Source URL is required.'));
|
||||
} elseif ((strlen($source_url) > 0)
|
||||
&& !Validate::uri(
|
||||
$source_url,
|
||||
array('allowed_schemes' => array('http', 'https'))
|
||||
)
|
||||
) {
|
||||
} elseif ((strlen($source_url) > 0) && !common_valid_http_url($source_url)) {
|
||||
// TRANS: Validation error shown when providing an invalid source URL in the "New application" form.
|
||||
$this->clientError(_('Source URL is not valid.'));
|
||||
} elseif (empty($organization)) {
|
||||
|
|
@ -139,23 +134,13 @@ class NewApplicationAction extends FormAction
|
|||
} elseif (empty($homepage)) {
|
||||
// TRANS: Form validation error show when an organisation name has not been provided in the new application form.
|
||||
$this->clientError(_('Organization homepage is required.'));
|
||||
} elseif ((strlen($homepage) > 0)
|
||||
&& !Validate::uri(
|
||||
$homepage,
|
||||
array('allowed_schemes' => array('http', 'https'))
|
||||
)
|
||||
) {
|
||||
} elseif ((strlen($homepage) > 0) && !common_valid_http_url($homepage)) {
|
||||
// TRANS: Validation error shown when providing an invalid homepage URL in the "New application" form.
|
||||
$this->clientError(_('Homepage is not a valid URL.'));
|
||||
} elseif (mb_strlen($callback_url) > 255) {
|
||||
// TRANS: Validation error shown when providing too long a callback URL in the "New application" form.
|
||||
$this->clientError(_('Callback is too long.'));
|
||||
} elseif (strlen($callback_url) > 0
|
||||
&& !Validate::uri(
|
||||
$source_url,
|
||||
array('allowed_schemes' => array('http', 'https'))
|
||||
)
|
||||
) {
|
||||
} elseif (strlen($callback_url) > 0 && !common_valid_http_url($callback_url)) {
|
||||
// TRANS: Validation error shown when providing an invalid callback URL in the "New application" form.
|
||||
$this->clientError(_('Callback URL is not valid.'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -102,9 +102,7 @@ class NewgroupAction extends FormAction
|
|||
// TRANS: Group create form validation error.
|
||||
throw new ClientException(_('Not a valid nickname.'));
|
||||
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
||||
!Validate::uri($homepage,
|
||||
array('allowed_schemes' =>
|
||||
array('http', 'https')))) {
|
||||
!common_valid_http_url($homepage)) {
|
||||
// TRANS: Group create form validation error.
|
||||
throw new ClientException(_('Homepage is not a valid URL.'));
|
||||
} else if (!is_null($fullname) && mb_strlen($fullname) > 255) {
|
||||
|
|
|
|||
|
|
@ -263,7 +263,7 @@ class ProfilesettingsAction extends SettingsAction
|
|||
$this->showForm(_('Not a valid nickname.'));
|
||||
return;
|
||||
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
||||
!Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
|
||||
!common_valid_http_url($homepage)) {
|
||||
// TRANS: Validation error in form for profile settings.
|
||||
$this->showForm(_('Homepage is not a valid URL.'));
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -215,9 +215,7 @@ class RegisterAction extends Action
|
|||
// TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
|
||||
$this->showForm(_('Email address already exists.'));
|
||||
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
||||
!Validate::uri($homepage,
|
||||
array('allowed_schemes' =>
|
||||
array('http', 'https')))) {
|
||||
!common_valid_http_url($homepage)) {
|
||||
// TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
|
||||
$this->showForm(_('Homepage is not a valid URL.'));
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -156,13 +156,13 @@ class SiteadminpanelAction extends AdminPanelAction
|
|||
|
||||
// Validate logos
|
||||
if (!empty($values['site']['logo']) &&
|
||||
!Validate::uri($values['site']['logo'], array('allowed_schemes' => array('http', 'https')))) {
|
||||
!common_valid_http_url($values['site']['logo'])) {
|
||||
// TRANS: Client error displayed when a logo URL is not valid.
|
||||
$this->clientError(_('Invalid logo URL.'));
|
||||
}
|
||||
|
||||
if (!empty($values['site']['ssllogo']) &&
|
||||
!Validate::uri($values['site']['ssllogo'], array('allowed_schemes' => array('https')))) {
|
||||
!common_valid_http_url($values['site']['ssllogo'], true)) {
|
||||
// TRANS: Client error displayed when a SSL logo URL is invalid.
|
||||
$this->clientError(_('Invalid SSL logo URL.'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -135,11 +135,7 @@ class SnapshotadminpanelAction extends AdminPanelAction
|
|||
// Validate report URL
|
||||
|
||||
if (!is_null($values['snapshot']['reporturl'])
|
||||
&& !Validate::uri(
|
||||
$values['snapshot']['reporturl'],
|
||||
array('allowed_schemes' => array('http', 'https')
|
||||
)
|
||||
)) {
|
||||
&& !common_valid_http_url($values['snapshot']['reporturl'])) {
|
||||
// TRANS: Client error displayed on admin panel for snapshots when providing an invalid report URL.
|
||||
$this->clientError(_('Invalid snapshot report URL.'));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1720,9 +1720,13 @@ function common_log_objstring(&$object)
|
|||
return $objstring;
|
||||
}
|
||||
|
||||
function common_valid_http_url($url)
|
||||
function common_valid_http_url($url, $secure=false)
|
||||
{
|
||||
return Validate::uri($url, array('allowed_schemes' => array('http', 'https')));
|
||||
// If $secure is true, only allow https URLs to pass
|
||||
// (if false, we use '?' in 'https?' to say the 's' is optional)
|
||||
$regex = $secure ? '/^https$/' : '/^https?$/';
|
||||
return filter_var($url, FILTER_VALIDATE_URL)
|
||||
&& preg_match($regex, parse_url($url, PHP_URL_SCHEME));
|
||||
}
|
||||
|
||||
function common_valid_tag($tag)
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ class BookmarkforurlAction extends Action
|
|||
throw new ClientException(_('URL is required.'), 400);
|
||||
}
|
||||
|
||||
if (!Validate::uri($this->url, array('allowed_schemes' => array('http', 'https')))) {
|
||||
if (!common_valid_http_url($this->url)) {
|
||||
throw new ClientException(_('Invalid URL.'), 400);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -267,10 +267,7 @@ class ProfileDetailSettingsAction extends ProfileSettingsAction
|
|||
$this->removeAll($user, 'website');
|
||||
$i = 0;
|
||||
foreach($sites as $site) {
|
||||
if (!empty($site['value']) && !Validate::uri(
|
||||
$site['value'],
|
||||
array('allowed_schemes' => array('http', 'https')))
|
||||
) {
|
||||
if (!empty($site['value']) && !common_valid_http_url($site['value'])) {
|
||||
// TRANS: Exception thrown when entering an invalid URL.
|
||||
// TRANS: %s is the invalid URL.
|
||||
throw new Exception(sprintf(_m('Invalid URL: %s.'), $site['value']));
|
||||
|
|
|
|||
|
|
@ -1323,7 +1323,7 @@ class Ostatus_profile extends Managed_DataObject
|
|||
}
|
||||
if ($url) {
|
||||
$opts = array('allowed_schemes' => array('http', 'https'));
|
||||
if (Validate::uri($url, $opts)) {
|
||||
if (common_valid_http_url($url)) {
|
||||
return $url;
|
||||
}
|
||||
}
|
||||
|
|
@ -1615,7 +1615,7 @@ class Ostatus_profile extends Managed_DataObject
|
|||
$profile->profileurl = $object->link;
|
||||
} else if (array_key_exists('profileurl', $hints)) {
|
||||
$profile->profileurl = $hints['profileurl'];
|
||||
} else if (Validate::uri($object->id, array('allowed_schemes' => array('http', 'https')))) {
|
||||
} else if (common_valid_http_url($object->id)) {
|
||||
$profile->profileurl = $object->id;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user