| @@ 82-84 (lines=3) @@ | ||
| 79 | $redirectTo = $request->getPostParameter('_form_auth_redirect_to'); |
|
| 80 | ||
| 81 | // validate the URL |
|
| 82 | if (false === filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) { |
|
| 83 | throw new HttpException('invalid redirect_to URL', 400); |
|
| 84 | } |
|
| 85 | // extract the "host" part of the URL |
|
| 86 | if (false === $redirectToHost = parse_url($redirectTo, PHP_URL_HOST)) { |
|
| 87 | throw new HttpException('invalid redirect_to URL, unable to extract host', 400); |
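Review bot: The filter_var check on line 82 accepts any URL scheme, so a redirect_to with a non-http(s) scheme passes as long as it has a host and a path, and the parse_url call on line 86 only extracts the host without closing that gap. Add a scheme allowlist right after it, `if ('https' !== strtolower((string) parse_url($redirectTo, PHP_URL_SCHEME))) { throw new HttpException('invalid redirect_to URL, scheme must be https', 400); }` (widen to http/https only if plain HTTP redirects are intended). The redirect_uri check at 171-173 has the same gap, which its own XXX comment already notes; a single private helper doing the filter_var and scheme check for both would also remove the duplication this report flags. Note too that FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED are deprecated since PHP 7.3 because FILTER_VALIDATE_URL always implies them, so passing only FILTER_FLAG_PATH_REQUIRED avoids the deprecation notice. The enclosing function starts and ends outside the hunk.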
|
| @@ 171-173 (lines=3) @@ | ||
| 168 | ||
| 169 | // XXX we also should enforce HTTPS |
|
| 170 | $redirectUri = $request->getQueryParameter('redirect_uri'); |
|
| 171 | if (false === filter_var($redirectUri, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) { |
|
| 172 | throw new HttpException('invalid redirect_uri', 400); |
|
| 173 | } |
|
| 174 | if (false !== strpos($redirectUri, '?')) { |
|
| 175 | throw new HttpException('invalid redirect_uri', 400); |
|
| 176 | } |
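Review bot: The strpos check on line 174 rejects a query string in redirect_uri but not a fragment, and RFC 6749 section 3.1.2 forbids a fragment component in redirect URIs, so a URI carrying one currently passes. Extend the condition to `if (false !== strpos($redirectUri, '?') || false !== strpos($redirectUri, '#')) {` and add a why-comment above it, `// reject a query string (stricter than RFC 6749 §3.1.2 requires) and a fragment (forbidden by §3.1.2)`, since the reason for rejecting '?' is otherwise unexplained. If the file targets PHP 8, `str_contains` reads better than the `false !== strpos` form. Whether the URI is later matched against the client's registered redirect URI is outside this hunk, as is the enclosing function.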
|