@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Preserve nonstandard ports during 404 redirects which add "/" to the ends of URIs

Summary:
Fixes T12058. When the user visits `/maniphest`, for example, we redirect to `/maniphest/`.

Since this redirect is very low-level (at the Aphront level, below the Site level) we need to preserve the request Host rather than correct it to `PhabricatorEnv::getURI()` or similar -- the request may be hitting a different Site like a blog domain.

Currently, we do not preserve the port. Instead, preserve the port if it is not a standard port for the protocol (80 for http, 443 for https).

Test Plan:
- Made a request with a missing slash and a normal port in my browser, got redirected normally.
- Made a request with a missing slash and a nonstandard port, got redirected on the same port.

```
$ curl -H 'Host: local.phacility.com:123' -v http://local.phacility.com/diffusion
* Trying 127.0.0.1...
* Connected to local.phacility.com (127.0.0.1) port 80 (#0)
> GET /diffusion HTTP/1.1
...
>
< HTTP/1.1 302 Found
...
< Location: http://local.phacility.com:123/diffusion/
...
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12058

Differential Revision: https://secure.phabricator.com/D17134

+25 -1
src/aphront/AphrontRequest.php
··· 548 548 public function getAbsoluteRequestURI() { 549 549 $uri = $this->getRequestURI(); 550 550 $uri->setDomain($this->getHost()); 551 - $uri->setProtocol($this->isHTTPS() ? 'https' : 'http'); 551 + 552 + if ($this->isHTTPS()) { 553 + $protocol = 'https'; 554 + } else { 555 + $protocol = 'http'; 556 + } 557 + 558 + $uri->setProtocol($protocol); 559 + 560 + // If the request used a nonstandard port, preserve it while building the 561 + // absolute URI. 562 + 563 + // First, get the default port for the request protocol. 564 + $default_port = id(new PhutilURI($protocol.'://example.com/')) 565 + ->getPortWithProtocolDefault(); 566 + 567 + // NOTE: See note in getHost() about malicious "Host" headers. This 568 + // construction defuses some obscure potential attacks. 569 + $port = id(new PhutilURI($protocol.'://'.$this->host)) 570 + ->getPort(); 571 + 572 + if (($port !== null) && ($port !== $default_port)) { 573 + $uri->setPort($port); 574 + } 575 + 552 576 return $uri; 553 577 } 554 578
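
Review bot: The final check in getAbsoluteRequestURI(), `if (($port !== null) && ($port !== $default_port))`, is a strict comparison between the results of getPort() and getPortWithProtocolDefault(), so it only suppresses a standard port if both methods return the same type. If one yields a string parsed from the Host header and the other an integer, a request sent with an explicit standard port (for example `Host: example.com:80` over http) would be treated as nonstandard and the redirect would carry `:80`. Casting both to int before comparing, or documenting that both return the same type, would remove the doubt. Separately, the domain is set from `$this->getHost()` while the port is parsed from the raw `$this->host`, and the NOTE only says the construction "defuses some obscure potential attacks". Since this value ends up in a redirect target, the comment should say which malformed Host values the PhutilURI re-parse is expected to reject, or the port should be taken from the same validated value as the domain. The test plan is manual; a unit test covering a standard port, a nonstandard port and a malformed port in the Host header would pin this behaviour down.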