X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FUrl.php;h=6b9870f0c1bb468ebafd67e2d71123411f598a0c;hb=d37348efe280f0b72807ea6f62fca63e2ad28991;hp=af38c4d9155ed4eb856691c941f26f11714b77be;hpb=11609d9fd8ba53f049e6c913d8e3affab6cfc9ce;p=github%2Fshaarli%2FShaarli.git

diff --git a/application/Url.php b/application/Url.php
index af38c4d9..6b9870f0 100644
--- a/application/Url.php
+++ b/application/Url.php
@@ -63,6 +63,30 @@ function add_trailing_slash($url)
     return $url . (!endsWith($url, '/') ? '/' : '');
 }
 
+/**
+ * Replace not whitelisted protocols by 'http://' from given URL.
+ *
+ * @param string $url       URL to clean
+ * @param array  $protocols List of allowed protocols (aside from http(s)).
+ *
+ * @return string URL with allowed protocol
+ */
+function whitelist_protocols($url, $protocols)
+{
+    if (startsWith($url, '?') || startsWith($url, '/')) {
+        return $url;
+    }
+    $protocols = array_merge(['http', 'https'], $protocols);
+    $protocol = preg_match('#^(\w+):/?/?#', $url, $match);
+    // Protocol not allowed: we remove it and replace it with http
+    if ($protocol === 1 && ! in_array($match[1], $protocols)) {
+        $url = str_replace($match[0], 'http://', $url);
+    } elseif ($protocol !== 1) {
+        $url = 'http://' . $url;
+    }
+    return $url;
+}
+
 /**
  * URL representation and cleanup utilities
  *
@@ -85,6 +109,7 @@ class Url
         'action_type_map=',
         'fb_',
         'fb=',
+        'PHPSESSID=',
 
         // Scoop.it
         '__scoop',
@@ -93,7 +118,10 @@ class Url
         'utm_',
 
         // ATInternet
-        'xtor='
+        'xtor=',
+
+        // Other
+        'campaign_'
     );
 
     private static $annoyingFragments = array(
@@ -220,6 +248,22 @@ class Url
         return $this->toString();
     }
 
+    /**
+     * Converts an URL with an International Domain Name host to a ASCII one.
+     * This requires PHP-intl. If it's not available, just returns this->cleanup().
+     *
+     * @return string converted cleaned up URL.
+     */
+    public function idnToAscii()
+    {
+        $out = $this->cleanup();
+        if (! function_exists('idn_to_ascii') || ! isset($this->parts['host'])) {
+            return $out;
+        }
+        $asciiHost = idn_to_ascii($this->parts['host'], 0, INTL_IDNA_VARIANT_UTS46);
+        return str_replace($this->parts['host'], $asciiHost, $out);
+    }
+
     /**
      * Get URL scheme.
      *
@@ -232,6 +276,18 @@ class Url
         return $this->parts['scheme'];
     }
 
+    /**
+     * Get URL host.
+     *
+     * @return string the URL host or false if none is provided.
+     */
+    public function getHost() {
+        if (empty($this->parts['host'])) {
+            return false;
+        }
+        return $this->parts['host'];
+    }
+
     /**
      * Test if the Url is an HTTP one.
      *