Mirrors/shlink
1
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2026-03-09 08:43:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Handled IDN domains also on internal redirections when validating a URL

Browse Source
This commit is contained in:
Alejandro Celaya
2019-11-16 12:38:45 +01:00
parent 8cf1a95df5
commit 6b8fc3228e
4 changed files with 78 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
module/Core/src/Util/UrlValidator.php
View File

@@ -5,18 +5,20 @@ declare(strict_types=1);
namespace Shlinkio\Shlink\Core\Util;
use Fig\Http\Message\RequestMethodInterface;
use Fig\Http\Message\StatusCodeInterface;
use GuzzleHttp\ClientInterface;
use GuzzleHttp\Exception\GuzzleException;
use GuzzleHttp\RequestOptions;
use Shlinkio\Shlink\Core\Exception\InvalidUrlException;
use Zend\Diactoros\Uri;
use function Functional\contains;
use function idn_to_ascii;
use const IDNA_DEFAULT;
use const INTL_IDNA_VARIANT_UTS46;
class UrlValidator implements UrlValidatorInterface, RequestMethodInterface
class UrlValidator implements UrlValidatorInterface, RequestMethodInterface, StatusCodeInterface
{
private const MAX_REDIRECTS = 15;
@@ -32,9 +34,17 @@ class UrlValidator implements UrlValidatorInterface, RequestMethodInterface
* @throws InvalidUrlException
*/
public function validateUrl(string $url): void
{
$this->doValidateUrl($url);
}
/**
* @throws InvalidUrlException
*/
private function doValidateUrl(string $url, int $redirectNum = 1): void
{
// FIXME Guzzle is about to add support for this https://github.com/guzzle/guzzle/pull/2286
// Remove custom implementation when Guzzle's PR is merged
// Remove custom implementation and manual redirect handling when Guzzle's PR is merged
$uri = new Uri($url);
$originalHost = $uri->getHost();
$normalizedHost = idn_to_ascii($originalHost, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
@@ -43,11 +53,21 @@ class UrlValidator implements UrlValidatorInterface, RequestMethodInterface
}
try {
$this->httpClient->request(self::METHOD_GET, (string) $uri, [
RequestOptions::ALLOW_REDIRECTS => ['max' => self::MAX_REDIRECTS],
$resp = $this->httpClient->request(self::METHOD_GET, (string) $uri, [
// RequestOptions::ALLOW_REDIRECTS => ['max' => self::MAX_REDIRECTS],
RequestOptions::ALLOW_REDIRECTS => false,
]);
if ($redirectNum < self::MAX_REDIRECTS && $this->statusIsRedirect($resp->getStatusCode())) {
$this->doValidateUrl($resp->getHeaderLine('Location'), $redirectNum + 1);
}
} catch (GuzzleException $e) {
throw InvalidUrlException::fromUrl($url, $e);
}
}
private function statusIsRedirect(int $statusCode): bool
{
return contains([self::STATUS_MOVED_PERMANENTLY, self::STATUS_FOUND], $statusCode);
}
}