fkooman /
php-remote-storage
| @@ 82-84 (lines=3) @@ | ||
| 79 | $redirectTo = $request->getPostParameter('_form_auth_redirect_to'); |
|
| 80 | ||
| 81 | // validate the URL |
|
| 82 | if (false === filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) { |
|
| 83 | throw new HttpException('invalid redirect_to URL', 400); |
|
| 84 | } |
|
| 85 | // extract the "host" part of the URL |
|
| 86 | if (false === $redirectToHost = parse_url($redirectTo, PHP_URL_HOST)) { |
|
| 87 | throw new HttpException('invalid redirect_to URL, unable to extract host', 400); |
|
| @@ 147-149 (lines=3) @@ | ||
| 144 | ||
| 145 | // XXX we also should enforce HTTPS |
|
| 146 | $redirectUri = $request->getQueryParameter('redirect_uri'); |
|
| 147 | if (false === filter_var($redirectUri, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) { |
|
| 148 | throw new HttpException('invalid redirect_uri', 400); |
|
| 149 | } |
|
| 150 | if (false !== strpos($redirectUri, '?')) { |
|
| 151 | throw new HttpException('invalid redirect_uri', 400); |
|
| 152 | } |
|
