Merge branch 'master' into v0.9

author: VirtualTam <virtualtam@flibidi.net> 2017-08-23 01:08:41 +0200
committer: VirtualTam <virtualtam@flibidi.net> 2017-08-23 01:08:41 +0200
commit: 9d7a02afcee3c740712a7c95182d332db0504b7e (patch)
tree: 3266e3d3bfec6a3ac075084cbec07ba4090c4cd2 /application/Url.php
parent: c318096c7a6fb3f6b00bd8c694ab7acb8fbb7cd0 (diff)
parent: 7c2460c856c1d561b8347316f3045208f9f3d24e (diff)
download: Shaarli-9d7a02afcee3c740712a7c95182d332db0504b7e.tar.gz
Shaarli-9d7a02afcee3c740712a7c95182d332db0504b7e.tar.zst
Shaarli-9d7a02afcee3c740712a7c95182d332db0504b7e.zip
1 files changed, 24 insertions, 0 deletions
diff --git a/application/Url.php b/application/Url.php
index 25a62a8a..b3759377 100644
--- a/application/Url.php
+++ b/application/Url.php
@@ -64,6 +64,30 @@ function add_trailing_slash($url)
 }
 /**
+ * Replace not whitelisted protocols by 'http://' from given URL.
+ *
+ * @param string $url       URL to clean
+ * @param array  $protocols List of allowed protocols (aside from http(s)).
+ *
+ * @return string URL with allowed protocol
+ */
+function whitelist_protocols($url, $protocols)
+{
+    if (startsWith($url, '?') || startsWith($url, '/')) {
+        return $url;
+    }
+    $protocols = array_merge(['http', 'https'], $protocols);
+    $protocol = preg_match('#^(\w+):/?/?#', $url, $match);
+    // Protocol not allowed: we remove it and replace it with http
+    if ($protocol === 1 && ! in_array($match[1], $protocols)) {
+        $url = str_replace($match[0], 'http://', $url);
+    } else if ($protocol !== 1) {
+        $url = 'http://' . $url;
+    }
+    return $url;
+}
+/**
 * URL representation and cleanup utilities
 *
 * Form
author	VirtualTam <virtualtam@flibidi.net>	2017-08-23 01:08:41 +0200
committer	VirtualTam <virtualtam@flibidi.net>	2017-08-23 01:08:41 +0200
commit	9d7a02afcee3c740712a7c95182d332db0504b7e (patch)
tree	3266e3d3bfec6a3ac075084cbec07ba4090c4cd2 /application/Url.php
parent	c318096c7a6fb3f6b00bd8c694ab7acb8fbb7cd0 (diff)
parent	7c2460c856c1d561b8347316f3045208f9f3d24e (diff)
download	Shaarli-9d7a02afcee3c740712a7c95182d332db0504b7e.tar.gz Shaarli-9d7a02afcee3c740712a7c95182d332db0504b7e.tar.zst Shaarli-9d7a02afcee3c740712a7c95182d332db0504b7e.zip

diff --git a/application/Url.php b/application/Url.php index 25a62a8a..b3759377 100644 --- a/application/Url.php +++ b/application/Url.php
@@ -64,6 +64,30 @@ function add_trailing_slash($url)
64	}	64	}
65		65
66	/**	66	/**
		67	* Replace not whitelisted protocols by 'http://' from given URL.
		68	*
		69	* @param string $url URL to clean
		70	* @param array $protocols List of allowed protocols (aside from http(s)).
		71	*
		72	* @return string URL with allowed protocol
		73	*/
		74	function whitelist_protocols($url, $protocols)
		75	{
		76	if (startsWith($url, '?') \|\| startsWith($url, '/')) {
		77	return $url;
		78	}
		79	$protocols = array_merge(['http', 'https'], $protocols);
		80	$protocol = preg_match('#^(\w+):/?/?#', $url, $match);
		81	// Protocol not allowed: we remove it and replace it with http
		82	if ($protocol === 1 && ! in_array($match[1], $protocols)) {
		83	$url = str_replace($match[0], 'http://', $url);
		84	} else if ($protocol !== 1) {
		85	$url = 'http://' . $url;
		86	}
		87	return $url;
		88	}
		89
		90	/**
67	* URL representation and cleanup utilities	91	* URL representation and cleanup utilities
68	*	92	*
69	* Form	93	* Form