Validate::uri replaced with filter_var for HTTP[S] URL checks

Also, a bug in checking the OAuth callback URL for validity was fixed,
where it referenced the wrong variable when going through form data.
This commit is contained in:
Mikael Nordfeldth 2013-10-07 14:46:09 +02:00
parent 2c0790be54
commit 8912cdc7a4
18 changed files with 57 additions and 110 deletions

View File

@ -152,9 +152,7 @@ class ApiAccountRegisterAction extends ApiAction
// TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
$this->clientError(_('Email address already exists.'),404,'json');
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
!Validate::uri($homepage,
array('allowed_schemes' =>
array('http', 'https')))) {
!common_valid_http_url($homepage)) {
// TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
$this->clientError(_('Homepage is not a valid URL.'),404,'json');
return;

View File

@ -45,22 +45,17 @@ class ApiCheckHubAction extends ApiAuthAction
{
parent::prepare($args);
$this->url = urldecode($args['url']);
$this->url = urldecode($args['url']);
if (!$this->url) {
if (empty($this->url)) {
$this->clientError(_('No URL.'), 403, 'json');
return;
}
}
if (!Validate::uri(
$this->url, array(
'allowed_schemes' =>
array('http', 'https')
)
)) {
if (!common_valid_http_url($this->url)) {
$this->clientError(_('Invalid URL.'), 403, 'json');
return;
}
}
return true;
}

View File

@ -165,15 +165,9 @@ class ApiGroupCreateAction extends ApiAuthAction
);
return false;
} elseif (
!is_null($this->homepage)
&& strlen($this->homepage) > 0
&& !Validate::uri(
$this->homepage, array(
'allowed_schemes' =>
array('http', 'https')
)
)) {
} elseif (!is_null($this->homepage)
&& strlen($this->homepage) > 0
&& !common_valid_http_url($this->homepage)) {
$this->clientError(
// TRANS: Client error in form for group creation.
_('Homepage is not a valid URL.'),

View File

@ -267,13 +267,8 @@ class ApiGroupProfileUpdateAction extends ApiAuthAction
function validateHomepage()
{
if (!is_null($this->homepage)
&& (strlen($this->homepage) > 0)
&& !Validate::uri(
$this->homepage,
array('allowed_schemes' => array('http', 'https')
)
)
) {
&& (strlen($this->homepage) > 0)
&& !common_valid_http_url($this->homepage)) {
throw new ApiValidationException(
// TRANS: API validation exception thrown when homepage URL does not validate.
_('Homepage is not a valid URL.')

View File

@ -146,7 +146,7 @@ class ApiOAuthRequestTokenAction extends ApiOAuthAction
return true;
} else {
return Validate::uri($callback);
return common_valid_http_url($callback);
}
}
}

View File

@ -210,12 +210,10 @@ class EditApplicationAction extends Action
$this->showForm(_('Source URL is too long.'));
return;
} elseif ((mb_strlen($source_url) > 0)
&& !Validate::uri($source_url,
array('allowed_schemes' => array('http', 'https'))))
{
// TRANS: Validation error shown when providing an invalid source URL in the "Edit application" form.
$this->showForm(_('Source URL is not valid.'));
return;
&& !common_valid_http_url($source_url)) {
// TRANS: Validation error shown when providing an invalid source URL in the "Edit application" form.
$this->showForm(_('Source URL is not valid.'));
return;
} elseif (empty($organization)) {
// TRANS: Validation error shown when not providing an organisation in the "Edit application" form.
$this->showForm(_('Organization is required.'));
@ -229,25 +227,20 @@ class EditApplicationAction extends Action
$this->showForm(_('Organization homepage is required.'));
return;
} elseif ((mb_strlen($homepage) > 0)
&& !Validate::uri($homepage,
array('allowed_schemes' => array('http', 'https'))))
{
// TRANS: Validation error shown when providing an invalid homepage URL in the "Edit application" form.
$this->showForm(_('Homepage is not a valid URL.'));
return;
} elseif (mb_strlen($callback_url) > 255) {
// TRANS: Validation error shown when providing too long a callback URL in the "Edit application" form.
$this->showForm(_('Callback is too long.'));
return;
} elseif (mb_strlen($callback_url) > 0
&& !Validate::uri($source_url,
array('allowed_schemes' => array('http', 'https'))
))
{
// TRANS: Validation error shown when providing an invalid callback URL in the "Edit application" form.
$this->showForm(_('Callback URL is not valid.'));
return;
}
&& !common_valid_http_url($homepage)) {
// TRANS: Validation error shown when providing an invalid homepage URL in the "Edit application" form.
$this->showForm(_('Homepage is not a valid URL.'));
return;
} elseif (mb_strlen($callback_url) > 255) {
// TRANS: Validation error shown when providing too long a callback URL in the "Edit application" form.
$this->showForm(_('Callback is too long.'));
return;
} elseif (mb_strlen($callback_url) > 0
&& !common_valid_http_url($callback_url)) {
// TRANS: Validation error shown when providing an invalid callback URL in the "Edit application" form.
$this->showForm(_('Callback URL is not valid.'));
return;
}
$cur = common_current_user();

View File

@ -198,9 +198,7 @@ class EditgroupAction extends GroupAction
$this->showForm(_('Not a valid nickname.'));
return;
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
!Validate::uri($homepage,
array('allowed_schemes' =>
array('http', 'https')))) {
!common_valid_http_url($homepage)) {
// TRANS: Group edit form validation error.
$this->showForm(_('Homepage is not a valid URL.'));
return;

View File

@ -155,18 +155,14 @@ class LicenseadminpanelAction extends AdminPanelAction
);
}
// make sure the license URL and license image URL are valid URLs
$options = array('allowed_schemes' => array('http', 'https'));
// URLs should be set for cc license
if ($values['license']['type'] == 'cc') {
if (!Validate::uri($values['license']['url'], $options)) {
if (!common_valid_http_url($values['license']['url'])) {
// TRANS: Client error displayed specifying an invalid license URL in the license admin panel.
$this->clientError(_('Invalid license URL.'));
}
if (!Validate::uri($values['license']['image'], $options)) {
if (!common_valid_http_url($values['license']['image'])) {
// TRANS: Client error displayed specifying an invalid license image URL in the license admin panel.
$this->clientError(_('Invalid license image URL.'));
}
@ -175,7 +171,7 @@ class LicenseadminpanelAction extends AdminPanelAction
// can be either blank or a valid URL for private & allrightsreserved
if (!empty($values['license']['url'])) {
if (!Validate::uri($values['license']['url'], $options)) {
if (!common_valid_http_url($values['license']['url'])) {
// TRANS: Client error displayed specifying an invalid license URL in the license admin panel.
$this->clientError(_('License URL must be blank or a valid URL.'));
}
@ -184,7 +180,7 @@ class LicenseadminpanelAction extends AdminPanelAction
// can be either blank or a valid URL for private & allrightsreserved
if (!empty($values['license']['image'])) {
if (!Validate::uri($values['license']['image'], $options)) {
if (!common_valid_http_url($values['license']['image'])) {
// TRANS: Client error displayed specifying an invalid license image URL in the license admin panel.
$this->clientError(_('License image must be blank or valid URL.'));
}

View File

@ -122,12 +122,7 @@ class NewApplicationAction extends FormAction
} elseif (empty($source_url)) {
// TRANS: Validation error shown when not providing a source URL in the "New application" form.
$this->clientError(_('Source URL is required.'));
} elseif ((strlen($source_url) > 0)
&& !Validate::uri(
$source_url,
array('allowed_schemes' => array('http', 'https'))
)
) {
} elseif ((strlen($source_url) > 0) && !common_valid_http_url($source_url)) {
// TRANS: Validation error shown when providing an invalid source URL in the "New application" form.
$this->clientError(_('Source URL is not valid.'));
} elseif (empty($organization)) {
@ -139,23 +134,13 @@ class NewApplicationAction extends FormAction
} elseif (empty($homepage)) {
// TRANS: Form validation error show when an organisation name has not been provided in the new application form.
$this->clientError(_('Organization homepage is required.'));
} elseif ((strlen($homepage) > 0)
&& !Validate::uri(
$homepage,
array('allowed_schemes' => array('http', 'https'))
)
) {
} elseif ((strlen($homepage) > 0) && !common_valid_http_url($homepage)) {
// TRANS: Validation error shown when providing an invalid homepage URL in the "New application" form.
$this->clientError(_('Homepage is not a valid URL.'));
} elseif (mb_strlen($callback_url) > 255) {
// TRANS: Validation error shown when providing too long a callback URL in the "New application" form.
$this->clientError(_('Callback is too long.'));
} elseif (strlen($callback_url) > 0
&& !Validate::uri(
$source_url,
array('allowed_schemes' => array('http', 'https'))
)
) {
} elseif (strlen($callback_url) > 0 && !common_valid_http_url($callback_url)) {
// TRANS: Validation error shown when providing an invalid callback URL in the "New application" form.
$this->clientError(_('Callback URL is not valid.'));
}

View File

@ -102,9 +102,7 @@ class NewgroupAction extends FormAction
// TRANS: Group create form validation error.
throw new ClientException(_('Not a valid nickname.'));
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
!Validate::uri($homepage,
array('allowed_schemes' =>
array('http', 'https')))) {
!common_valid_http_url($homepage)) {
// TRANS: Group create form validation error.
throw new ClientException(_('Homepage is not a valid URL.'));
} else if (!is_null($fullname) && mb_strlen($fullname) > 255) {

View File

@ -263,7 +263,7 @@ class ProfilesettingsAction extends SettingsAction
$this->showForm(_('Not a valid nickname.'));
return;
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
!Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
!common_valid_http_url($homepage)) {
// TRANS: Validation error in form for profile settings.
$this->showForm(_('Homepage is not a valid URL.'));
return;

View File

@ -215,9 +215,7 @@ class RegisterAction extends Action
// TRANS: Form validation error displayed when trying to register with an already registered e-mail address.
$this->showForm(_('Email address already exists.'));
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
!Validate::uri($homepage,
array('allowed_schemes' =>
array('http', 'https')))) {
!common_valid_http_url($homepage)) {
// TRANS: Form validation error displayed when trying to register with an invalid homepage URL.
$this->showForm(_('Homepage is not a valid URL.'));
return;

View File

@ -156,13 +156,13 @@ class SiteadminpanelAction extends AdminPanelAction
// Validate logos
if (!empty($values['site']['logo']) &&
!Validate::uri($values['site']['logo'], array('allowed_schemes' => array('http', 'https')))) {
!common_valid_http_url($values['site']['logo'])) {
// TRANS: Client error displayed when a logo URL is not valid.
$this->clientError(_('Invalid logo URL.'));
}
if (!empty($values['site']['ssllogo']) &&
!Validate::uri($values['site']['ssllogo'], array('allowed_schemes' => array('https')))) {
!common_valid_http_url($values['site']['ssllogo'], true)) {
// TRANS: Client error displayed when a SSL logo URL is invalid.
$this->clientError(_('Invalid SSL logo URL.'));
}

View File

@ -135,11 +135,7 @@ class SnapshotadminpanelAction extends AdminPanelAction
// Validate report URL
if (!is_null($values['snapshot']['reporturl'])
&& !Validate::uri(
$values['snapshot']['reporturl'],
array('allowed_schemes' => array('http', 'https')
)
)) {
&& !common_valid_http_url($values['snapshot']['reporturl'])) {
// TRANS: Client error displayed on admin panel for snapshots when providing an invalid report URL.
$this->clientError(_('Invalid snapshot report URL.'));
}

View File

@ -1720,9 +1720,13 @@ function common_log_objstring(&$object)
return $objstring;
}
function common_valid_http_url($url)
function common_valid_http_url($url, $secure=false)
{
return Validate::uri($url, array('allowed_schemes' => array('http', 'https')));
// If $secure is true, only allow https URLs to pass
// (if false, we use '?' in 'https?' to say the 's' is optional)
$regex = $secure ? '/^https$/' : '/^https?$/';
return filter_var($url, FILTER_VALIDATE_URL)
&& preg_match($regex, parse_url($url, PHP_URL_SCHEME));
}
function common_valid_tag($tag)

View File

@ -74,7 +74,7 @@ class BookmarkforurlAction extends Action
throw new ClientException(_('URL is required.'), 400);
}
if (!Validate::uri($this->url, array('allowed_schemes' => array('http', 'https')))) {
if (!common_valid_http_url($this->url)) {
throw new ClientException(_('Invalid URL.'), 400);
}

View File

@ -267,10 +267,7 @@ class ProfileDetailSettingsAction extends ProfileSettingsAction
$this->removeAll($user, 'website');
$i = 0;
foreach($sites as $site) {
if (!empty($site['value']) && !Validate::uri(
$site['value'],
array('allowed_schemes' => array('http', 'https')))
) {
if (!empty($site['value']) && !common_valid_http_url($site['value'])) {
// TRANS: Exception thrown when entering an invalid URL.
// TRANS: %s is the invalid URL.
throw new Exception(sprintf(_m('Invalid URL: %s.'), $site['value']));

View File

@ -1323,7 +1323,7 @@ class Ostatus_profile extends Managed_DataObject
}
if ($url) {
$opts = array('allowed_schemes' => array('http', 'https'));
if (Validate::uri($url, $opts)) {
if (common_valid_http_url($url)) {
return $url;
}
}
@ -1615,7 +1615,7 @@ class Ostatus_profile extends Managed_DataObject
$profile->profileurl = $object->link;
} else if (array_key_exists('profileurl', $hints)) {
$profile->profileurl = $hints['profileurl'];
} else if (Validate::uri($object->id, array('allowed_schemes' => array('http', 'https')))) {
} else if (common_valid_http_url($object->id)) {
$profile->profileurl = $object->id;
}