PHP PhabricatorEnv::isValidLocalURIForLink Method Code Examples

This article collects typical usage examples of the PhabricatorEnv::isValidLocalURIForLink method in PHP. If you are wondering how exactly PHP PhabricatorEnv::isValidLocalURIForLink is used, how to call it, or what examples of its use look like, the curated code examples here may help. You can also look further into usage examples of PhabricatorEnv, the class this method belongs to.


Three code examples of the PhabricatorEnv::isValidLocalURIForLink method are shown below, sorted by popularity by default.

Example 1: handleRequest

 public function handleRequest(AphrontRequest $request)
 {
     $viewer = $this->getViewer();
     // If the user already has a full session, just kick them out of here.
     $has_partial_session = $viewer->hasSession() && $viewer->getSession()->getIsPartial();
     if (!$has_partial_session) {
         return id(new AphrontRedirectResponse())->setURI('/');
     }
     $engine = new PhabricatorAuthSessionEngine();
     // If this cookie is set, the user is headed into a high security area
     // after login (normally because of a password reset) so if they are
     // able to pass the checkpoint we just want to put their account directly
     // into high security mode, rather than prompt them again for the same
     // set of credentials.
     $jump_into_hisec = $request->getCookie(PhabricatorCookies::COOKIE_HISEC);
     try {
         $token = $engine->requireHighSecuritySession($viewer, $request, '/logout/', $jump_into_hisec);
     } catch (PhabricatorAuthHighSecurityRequiredException $ex) {
         $form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm(
             $ex->getFactors(),
             $ex->getFactorValidationResults(),
             $viewer,
             $request
         );
         return $this->newDialog()
             ->setTitle(pht('Provide Multi-Factor Credentials'))
             ->setShortTitle(pht('Multi-Factor Login'))
             ->setWidth(AphrontDialogView::WIDTH_FORM)
             ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
             ->appendParagraph(pht(
                 'Welcome, %s. To complete the login process, provide your ' .
                 'multi-factor credentials.',
                 phutil_tag('strong', array(), $viewer->getUsername())
             ))
             ->appendChild($form->buildLayoutView())
             ->setSubmitURI($request->getPath())
             ->addCancelButton($ex->getCancelURI())
             ->addSubmitButton(pht('Continue'));
     }
     // Upgrade the partial session to a full session.
     $engine->upgradePartialSession($viewer);
     // TODO: It might be nice to add options like "bind this session to my IP"
     // here, even for accounts without multi-factor auth attached to them.
     $next = PhabricatorCookies::getNextURICookie($request);
     $request->clearCookie(PhabricatorCookies::COOKIE_NEXTURI);
     $request->clearCookie(PhabricatorCookies::COOKIE_HISEC);
     if (!PhabricatorEnv::isValidLocalURIForLink($next)) {
         $next = '/';
     }
     return id(new AphrontRedirectResponse())->setURI($next);
 }
Developer ID: pugong, Project: phabricator, Lines of code: 33, Source: PhabricatorAuthFinishController.php

Example 2: testLocalURIForLink

 public function testLocalURIForLink()
 {
     $map = array(
         '/' => true, '/D123' => true, '/path/to/something/' => true,
         "/path/to/\nHeader: x" => false,
         'http://evil.com/' => false, '//evil.com/evil/' => false,
         'javascript:lol' => false, '' => false, null => false,
         '/\\evil.com' => false,
     );
     foreach ($map as $uri => $expect) {
         $this->assertEqual($expect, PhabricatorEnv::isValidLocalURIForLink($uri), pht('Valid local resource: %s', $uri));
     }
 }
Developer ID: pugong, Project: phabricator, Lines of code: 7, Source: PhabricatorEnvTestCase.php

Example 3: getURIForRedirect

 /**
  * Format a URI for use in a "Location:" header.
  *
  * Verifies that a URI redirects to the expected type of resource (local or
  * remote) and formats it for use in a "Location:" header.
  *
  * The HTTP spec says "Location:" headers must use absolute URIs. Although
  * browsers work with relative URIs, we return absolute URIs to avoid
  * ambiguity. For example, Chrome interprets "Location: /\evil.com" to mean
  * "perform a protocol-relative redirect to evil.com".
  *
  * @param   string  URI to redirect to.
  * @param   bool    True if this URI identifies a remote resource.
  * @return  string  URI for use in a "Location:" header.
  */
 public static function getURIForRedirect($uri, $is_external)
 {
     $uri_object = new PhutilURI($uri);
     if ($is_external) {
         // If this is a remote resource it must have a domain set. This
         // would also be caught below, but testing for it explicitly first allows
         // us to raise a better error message.
         if (!strlen($uri_object->getDomain())) {
             throw new Exception(pht(
                 'Refusing to redirect to external URI "%s". This URI ' .
                 'is not fully qualified, and is missing a domain name. To ' .
                 'redirect to a local resource, remove the external flag.',
                 (string) $uri
             ));
         }
         // Check that it's a valid remote resource.
         if (!PhabricatorEnv::isValidURIForLink($uri)) {
             throw new Exception(pht(
                 'Refusing to redirect to external URI "%s". This URI ' .
                 'is not a valid remote web resource.',
                 (string) $uri
             ));
         }
     } else {
         // If this is a local resource, it must not have a domain set. This allows
         // us to raise a better error message than the check below can.
         if (strlen($uri_object->getDomain())) {
             throw new Exception(pht(
                 'Refusing to redirect to local resource "%s". The URI has a ' .
                 'domain, but the redirect is not marked external. Mark ' .
                 'redirects as external to allow redirection off the local ' .
                 'domain.',
                 (string) $uri
             ));
         }
         // If this is a local resource, it must be a valid local resource.
         if (!PhabricatorEnv::isValidLocalURIForLink($uri)) {
             throw new Exception(pht(
                 'Refusing to redirect to local resource "%s". This URI is not ' .
                 'formatted in a recognizable way.',
                 (string) $uri
             ));
         }
         // Fully qualify the result URI.
         $uri = PhabricatorEnv::getURI((string) $uri);
     }
     return (string) $uri;
 }
Developer ID: pugong, Project: phabricator, Lines of code: 44, Source: AphrontRedirectResponse.php
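
The test map in Example 2 and the doc comment in Example 3 together describe what a local redirect target must look like. The following is an added example, not Phabricator's implementation and not code from the original page: a stand-alone validator that reproduces the verdicts in that test map and applies the fallback to "/" used in Example 1. The function names is_local_redirect_path and safe_next_uri are hypothetical.

```php
<?php
// Added example: not Phabricator code. Function names are hypothetical.

/** Return true only for a same-site path such as "/D123". */
function is_local_redirect_path($uri): bool
{
    $uri = (string) $uri;           // null becomes ''
    if ($uri === '') {
        return false;               // nothing to redirect to
    }
    // Whitespace or control characters (CR/LF in particular) could split
    // the "Location:" header.
    if (preg_match('/[\s\x00-\x1f\x7f]/', $uri)) {
        return false;
    }
    // Example 3 notes that Chrome reads "/\evil.com" as a protocol-relative
    // redirect, so any backslash is refused.
    if (strpos($uri, '\\') !== false) {
        return false;
    }
    // Exactly one leading "/": refuses "http://...", "javascript:..." and
    // protocol-relative "//host/...".
    return preg_match('@^/(?!/)@', $uri) === 1;
}

/** Fall back to "/" when the stored target is not local, as Example 1 does. */
function safe_next_uri($next): string
{
    return is_local_redirect_path($next) ? (string) $next : '/';
}

// Inputs and expected verdicts from the test map in Example 2. They are
// listed as pairs because a null array key would be stored as ''.
$cases = [
    ['/', true], ['/D123', true], ['/path/to/something/', true],
    ["/path/to/\nHeader: x", false], ['http://evil.com/', false],
    ['//evil.com/evil/', false], ['javascript:lol', false],
    ['', false], [null, false], ['/\\evil.com', false],
];
foreach ($cases as [$uri, $expect]) {
    $verdict = is_local_redirect_path($uri) === $expect ? 'ok  ' : 'FAIL';
    echo $verdict, ' ', var_export($uri, true), ' -> ', safe_next_uri($uri), "\n";
}
```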


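Note: The PhabricatorEnv::isValidLocalURIForLink method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as Github/MSDocs. The code snippets were selected from open-source projects contributed by their respective developers, and copyright of the source code belongs to the original authors. For distribution and use, refer to the license of the corresponding project. Do not reproduce without permission.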