From 4d4d16f25985f133501f20fdddd183e525f00341 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 28 Jun 2016 14:43:41 -0700 Subject: [PATCH] Validate Arcanist install-certificate URIs more carefully Summary: Fixes T11222. This was lazy-future-proofed for Conduit SSH support, but users are boundlessly creative. Check protocols explicitly. Test Plan: ``` $ arc install-certificate a.b:1/ Usage Exception: Server URI "a.b:1/" must include the "http" or "https" protocol. It should be in the form "https://phabricator.example.com/". ``` - Also went through a successful workflow with a URI in the form provided in the example. Reviewers: chad Reviewed By: chad Maniphest Tasks: T11222 Differential Revision: https://secure.phabricator.com/D16188 --- .../ArcanistInstallCertificateWorkflow.php | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/workflow/ArcanistInstallCertificateWorkflow.php b/src/workflow/ArcanistInstallCertificateWorkflow.php index 41a98519..b437697b 100644 --- a/src/workflow/ArcanistInstallCertificateWorkflow.php +++ b/src/workflow/ArcanistInstallCertificateWorkflow.php @@ -196,14 +196,31 @@ EOTEXT $uri = $conduit_uri; } + $example = 'https://phabricator.example.com/'; + $uri_object = new PhutilURI($uri); - if (!$uri_object->getProtocol() || !$uri_object->getDomain()) { + $protocol = $uri_object->getProtocol(); + if (!$protocol || !$uri_object->getDomain()) { throw new ArcanistUsageException( pht( 'Server URI "%s" must include a protocol and domain. It should be '. 'in the form "%s".', $uri, - 'https://phabricator.example.com/')); + $example)); + } + + $protocol = $uri_object->getProtocol(); + switch ($protocol) { + case 'http': + case 'https': + break; + default: + throw new ArcanistUsageException( + pht( + 'Server URI "%s" must include the "http" or "https" protocol. '. + 'It should be in the form "%s".', + $uri, + $example)); } $uri_object->setPath('/api/');
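Review bot: Plain `http` passes the new `switch` on equal footing with `https`, and the code goes on to point the URI at `/api/`, so the credential this workflow installs would presumably cross the network in cleartext; if HTTP has to stay supported for local installs, the `case 'http':` branch could print a warning instead of falling through to a silent `break`. The second `$protocol = $uri_object->getProtocol();` directly above the `switch` repeats the assignment made before the `if` and can be dropped. The match is also case-sensitive, so unless `PhutilURI` lowercases the scheme, a URI such as `HTTPS://…` is rejected with a message claiming it lacks "http" or "https"; `switch (strtolower($protocol)) {` would avoid that. The enclosing method starts and ends outside the hunk, so how the URI is used after `setPath('/api/')` is not visible here.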