revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-03-25 10:40:16 +01:00
Code Issues Releases Wiki Activity

Redirect instead of 400 from file on wrong domain

Browse source 
Summary: We recently opted for 'security.alternate-file-domain' and we have some hotlinks to the original domain.

Test Plan: Enabled 'security.alternate-file-domain', observed redirect.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3380
This commit is contained in:
vrana 2012-08-24 12:25:51 -07:00
parent d814245eea
commit 66a300768a
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/applications/files/controller/PhabricatorFileDataController.php
View file

@ -34,9 +34,11 @@ final class PhabricatorFileDataController extends PhabricatorFileController {
$request = $this->getRequest();
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
$alt_domain = id(new PhutilURI($alt))->getDomain();
$uri = new PhutilURI($alt);
$alt_domain = $uri->getDomain();
if ($alt_domain && ($alt_domain != $request->getHost())) {
return new Aphront400Response();
return id(new AphrontRedirectResponse())
->setURI($uri->setPath($request->getPath()));
}
$file = id(new PhabricatorFile())->loadOneWhere(