Preserve nonstandard ports during 404 redirects which add "/" to the ends of URIs
Summary: Fixes T12058. When the user visits `/maniphest`, for example, we redirect to `/maniphest/`. Since this redirect is very low-level (at the Aphront level, below the Site level) we need to preserve the request Host rather than correct it to `PhabricatorEnv::getURI()` or similar -- the request may be hitting a different Site like a blog domain. Currently, we do not preserve the port. Instead, preserve the port if it is not a standard port for the protocol (80 for http, 443 for https). Test Plan: - Made a request with a missing slash and a normal port in my browser, got redirected normally. - Made a request with a missing slash and a nonstandard port, got redirected on the same port. ``` $ curl -H 'Host: local.phacility.com:123' -v http://local.phacility.com/diffusion * Trying 127.0.0.1... * Connected to local.phacility.com (127.0.0.1) port 80 (#0) > GET /diffusion HTTP/1.1 ... > < HTTP/1.1 302 Found ... < Location: http://local.phacility.com:123/diffusion/ ... ``` Reviewers: chad Reviewed By: chad Maniphest Tasks: T12058 Differential Revision: https://secure.phabricator.com/D17134
parent
489587d607
commit
c07ec8fee6
1 changed files with 25 additions and 1 deletions
|
@ -548,7 +548,31 @@ final class AphrontRequest extends Phobject {
|
||||||
public function getAbsoluteRequestURI() {
|
public function getAbsoluteRequestURI() {
|
||||||
$uri = $this->getRequestURI();
|
$uri = $this->getRequestURI();
|
||||||
$uri->setDomain($this->getHost());
|
$uri->setDomain($this->getHost());
|
||||||
$uri->setProtocol($this->isHTTPS() ? 'https' : 'http');
|
|
||||||
|
if ($this->isHTTPS()) {
|
||||||
|
$protocol = 'https';
|
||||||
|
} else {
|
||||||
|
$protocol = 'http';
|
||||||
|
}
|
||||||
|
|
||||||
|
$uri->setProtocol($protocol);
|
||||||
|
|
||||||
|
// If the request used a nonstandard port, preserve it while building the
|
||||||
|
// absolute URI.
|
||||||
|
|
||||||
|
// First, get the default port for the request protocol.
|
||||||
|
$default_port = id(new PhutilURI($protocol.'://example.com/'))
|
||||||
|
->getPortWithProtocolDefault();
|
||||||
|
|
||||||
|
// NOTE: See note in getHost() about malicious "Host" headers. This
|
||||||
|
// construction defuses some obscure potential attacks.
|
||||||
|
$port = id(new PhutilURI($protocol.'://'.$this->host))
|
||||||
|
->getPort();
|
||||||
|
|
||||||
|
if (($port !== null) && ($port !== $default_port)) {
|
||||||
|
$uri->setPort($port);
|
||||||
|
}
|
||||||
|
|
||||||
return $uri;
|
return $uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
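Review bot: The port passed to `$uri->setPort($port)` is parsed from `$this->host`, i.e. the client-supplied `Host` header, not from the socket the request arrived on; the test plan's curl run connects on port 80 and is redirected to `:123`. The existing NOTE points at getHost() but does not state this, so I would add `// The port comes from the client-controlled "Host" header; it is reflected into the redirect, not verified against the listener.` above the `$port` assignment. Deployments with a shared cache or proxy in front should presumably key on or normalise the full Host value, so that one client's port cannot end up in another client's cached 302. Separately, `$port !== $default_port` is a strict comparison: if `getPort()` and `getPortWithProtocolDefault()` return different types (not visible here), a standard port would never match and `:80`/`:443` would be written explicitly, so a test covering the default-port case would be worth adding.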