1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-21 21:10:56 +01:00

Preserve nonstandard ports during 404 redirects which add "/" to the ends of URIs

Summary:
Fixes T12058. When the user visits `/maniphest`, for example, we redirect to `/maniphest/`.

Since this redirect is very low-level (at the Aphront level, below the Site level) we need to preserve the request Host rather than correct it to `PhabricatorEnv::getURI()` or similar -- the request may be hiting a different Site like a blog domain.

Currently, we do not preserve the port. Instead, preserve the port if it is not a standard port for the protocol (80 for http, 443 for https).

Test Plan:
  - Made a request with a missing slash and a normal port in my browser, got redirected normally.
  - Made a request with a missing slash and a nonstandard port, got redirected on the same port.

```
$ curl -H 'Host: local.phacility.com:123' -v http://local.phacility.com/diffusion
*   Trying 127.0.0.1...
* Connected to local.phacility.com (127.0.0.1) port 80 (#0)
> GET /diffusion HTTP/1.1
...
>
< HTTP/1.1 302 Found
...
< Location: http://local.phacility.com:123/diffusion/
...
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12058

Differential Revision: https://secure.phabricator.com/D17134
This commit is contained in:
epriestley 2017-01-03 09:50:16 -08:00
parent 489587d607
commit c07ec8fee6

View file

@ -548,7 +548,31 @@ final class AphrontRequest extends Phobject {
public function getAbsoluteRequestURI() { public function getAbsoluteRequestURI() {
$uri = $this->getRequestURI(); $uri = $this->getRequestURI();
$uri->setDomain($this->getHost()); $uri->setDomain($this->getHost());
$uri->setProtocol($this->isHTTPS() ? 'https' : 'http');
if ($this->isHTTPS()) {
$protocol = 'https';
} else {
$protocol = 'http';
}
$uri->setProtocol($protocol);
// If the request used a nonstandard port, preserve it while building the
// absolute URI.
// First, get the default port for the request protocol.
$default_port = id(new PhutilURI($protocol.'://example.com/'))
->getPortWithProtocolDefault();
// NOTE: See note in getHost() about malicious "Host" headers. This
// construction defuses some obscure potential attacks.
$port = id(new PhutilURI($protocol.'://'.$this->host))
->getPort();
if (($port !== null) && ($port !== $default_port)) {
$uri->setPort($port);
}
return $uri; return $uri;
} }