mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 22:10:55 +01:00
Ref T8989, Phurl "Visit URL" link should route through a separate controller.
Summary: Ref T8989, Phurl "Visit URL" should now route to an access controller that decides if the URL is valid whether to open it, or redirect back to Phurl object. New route is `local.install.com/u/1` to open link. Test Plan: - open Phurl object with invalid URL, "Visit URL" link should redirect back to object - open Phurl object with valid URL, "Visit URL" link should open the link - open `local.install.com/u/1` for `U1` with valid URL should open the link - open `local.install.com/u/1` for `U1` with invalid URL should redirect to `local.install.com/U1` Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: joshuaspence, Korvin Maniphest Tasks: T8989 Differential Revision: https://secure.phabricator.com/D14381
This commit is contained in:
parent
c35b564f4d
commit
809453a3e1
5 changed files with 40 additions and 15 deletions
|
@ -2625,6 +2625,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorPhurlDAO' => 'applications/phurl/storage/PhabricatorPhurlDAO.php',
|
||||
'PhabricatorPhurlSchemaSpec' => 'applications/phurl/storage/PhabricatorPhurlSchemaSpec.php',
|
||||
'PhabricatorPhurlURL' => 'applications/phurl/storage/PhabricatorPhurlURL.php',
|
||||
'PhabricatorPhurlURLAccessController' => 'applications/phurl/controller/PhabricatorPhurlURLAccessController.php',
|
||||
'PhabricatorPhurlURLEditController' => 'applications/phurl/controller/PhabricatorPhurlURLEditController.php',
|
||||
'PhabricatorPhurlURLEditor' => 'applications/phurl/editor/PhabricatorPhurlURLEditor.php',
|
||||
'PhabricatorPhurlURLListController' => 'applications/phurl/controller/PhabricatorPhurlURLListController.php',
|
||||
|
@ -6727,6 +6728,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorFlaggableInterface',
|
||||
'PhabricatorSpacesInterface',
|
||||
),
|
||||
'PhabricatorPhurlURLAccessController' => 'PhabricatorPhurlController',
|
||||
'PhabricatorPhurlURLEditController' => 'PhabricatorPhurlController',
|
||||
'PhabricatorPhurlURLEditor' => 'PhabricatorApplicationTransactionEditor',
|
||||
'PhabricatorPhurlURLListController' => 'PhabricatorPhurlController',
|
||||
|
|
|
@ -29,6 +29,7 @@ final class PhabricatorPhurlApplication extends PhabricatorApplication {
|
|||
public function getRoutes() {
|
||||
return array(
|
||||
'/U(?P<id>[1-9]\d*)' => 'PhabricatorPhurlURLViewController',
|
||||
'/u/(?P<id>[1-9]\d*)' => 'PhabricatorPhurlURLAccessController',
|
||||
'/phurl/' => array(
|
||||
'(?:query/(?P<queryKey>[^/]+)/)?'
|
||||
=> 'PhabricatorPhurlURLListController',
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorPhurlURLAccessController
|
||||
extends PhabricatorPhurlController {
|
||||
|
||||
public function handleRequest(AphrontRequest $request) {
|
||||
$viewer = $this->getViewer();
|
||||
$id = $request->getURIData('id');
|
||||
|
||||
$url = id(new PhabricatorPhurlURLQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($id))
|
||||
->executeOne();
|
||||
|
||||
if (!$url) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
if ($url->isValid()) {
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setURI($url->getLongURL())
|
||||
->setIsExternal(true);
|
||||
} else {
|
||||
return id(new AphrontRedirectResponse())->setURI('/'.$url->getMonogram());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -96,18 +96,6 @@ final class PhabricatorPhurlURLViewController
|
|||
$url,
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
|
||||
$allowed_protocols = PhabricatorEnv::getEnvConfig('uri.allowed-protocols');
|
||||
$uri = new PhutilURI($url->getLongURL());
|
||||
$url_protocol = $uri->getProtocol();
|
||||
|
||||
$can_access = false;
|
||||
$redirect_uri = $url->getMonogram();
|
||||
|
||||
if (strlen($url_protocol)) {
|
||||
$can_access = in_array($url_protocol, $allowed_protocols);
|
||||
$redirect_uri = $uri;
|
||||
}
|
||||
|
||||
$actions
|
||||
->addAction(
|
||||
id(new PhabricatorActionView())
|
||||
|
@ -120,9 +108,8 @@ final class PhabricatorPhurlURLViewController
|
|||
id(new PhabricatorActionView())
|
||||
->setName(pht('Visit URL'))
|
||||
->setIcon('fa-external-link')
|
||||
->setHref($redirect_uri)
|
||||
->setDisabled(!$can_edit || !$can_access)
|
||||
->setWorkflow(!$can_edit));
|
||||
->setHref("u/{$id}")
|
||||
->setDisabled(!$url->isValid()));
|
||||
|
||||
return $actions;
|
||||
}
|
||||
|
|
|
@ -72,6 +72,13 @@ final class PhabricatorPhurlURL extends PhabricatorPhurlDAO
|
|||
return $uri;
|
||||
}
|
||||
|
||||
public function isValid() {
|
||||
$allowed_protocols = PhabricatorEnv::getEnvConfig('uri.allowed-protocols');
|
||||
$uri = new PhutilURI($this->getLongURL());
|
||||
|
||||
return isset($allowed_protocols[$uri->getProtocol()]);
|
||||
}
|
||||
|
||||
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue