| @@ 54-56 (lines=3) @@ | ||
| 51 | $redirectTo = $request->getPostParameter('_form_auth_redirect_to'); |
|
| 52 | ||
| 53 | // validate the URL |
|
| 54 | if (false === filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) { |
|
| 55 | throw new HttpException('invalid redirect_to URL', 400); |
|
| 56 | } |
|
| 57 | // extract the "host" part of the URL |
|
| 58 | if (false === $redirectToHost = parse_url($redirectTo, PHP_URL_HOST)) { |
|
| 59 | throw new HttpException('invalid redirect_to URL, unable to extract host', 400); |
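Review bot: The `filter_var` call on line 54 passes `FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED`, flags that PHP 7.3 deprecated and PHP 8.0 removed because `FILTER_VALIDATE_URL` always requires a scheme and a host; on PHP 8 those constants are undefined, so the call should read `filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED)`. The same flags appear in the redirect_uri check on line 159 of the second hunk and should be dropped there as well. Beyond syntactic validity, `FILTER_VALIDATE_URL` accepts any scheme that carries a host (for example `http://`), so neither check by itself restricts where the client will be redirected — the host extracted on line 58 presumably feeds an allow-list comparison outside the hunk, and the XXX comments on lines 156 and 158 acknowledge that the second hunk still lacks the scheme and query-string check, e.g. `if ('https' !== parse_url($redirectUri, PHP_URL_SCHEME) || null !== parse_url($redirectUri, PHP_URL_QUERY)) { throw new HttpException('invalid redirect_uri', 400); }`. The enclosing functions of both hunks start and end outside the hunks.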
|
| @@ 159-161 (lines=3) @@ | ||
| 156 | // XXX we also should enforce HTTPS |
|
| 157 | $redirectUri = $request->getQueryParameter('redirect_uri'); |
|
| 158 | // XXX MUST not have "?" |
|
| 159 | if (false === filter_var($redirectUri, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) { |
|
| 160 | throw new HttpException('invalid redirect_uri', 400); |
|
| 161 | } |
|
| 162 | $responseType = $request->getQueryParameter('response_type'); |
|
| 163 | if ('token' !== $responseType) { |
|
| 164 | throw new HttpException('invalid response_type', 400); |
|