Reject SCP-style URIs with explicit protocols in Diffusion

Summary: Fixes T3619. These URIs are valid: git@domain.com:/path (Git SCP-style implicit SSH) ssh://git@domain.com/path (Explicit SSH) This URI, arrived at by adding "ssh://" to the front of an SCP-style URI, is not: ssh://git@domain.com:/path Detect URIs in this form and reject them. See T3619. Test Plan: {F75486} Also set some valid URIs. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3619 Differential Revision: https://secure.phabricator.com/D7431
2013-10-26 22:32:13 -07:00
parent 59922b78b9
commit c749fcc192
2 changed files with 15 additions and 2 deletions
--- a/src/applications/diffusion/controller/DiffusionRepositoryCreateController.php
+++ b/src/applications/diffusion/controller/DiffusionRepositoryCreateController.php
@@ -457,6 +457,21 @@ final class DiffusionRepositoryCreateController
        }
      }

+      // Catch confusion between Git/SCP-style URIs and normal URIs. See T3619
+      // for discussion. This is usually a user adding "ssh://" to an implicit
+      // SSH Git URI.
+      if ($proto == 'ssh') {
+        if (preg_match('(^[^:@]+://[^/:]+:[^\d])', $v_remote)) {
+          $c_remote->setError(pht('Invalid'));
+          $page->addPageError(
+            pht(
+              "The Remote URI is not formatted correctly. Remote URIs ".
+              "with an explicit protocol should be in the form ".
+              "'proto://domain/path', not 'proto://domain:/path'. ".
+              "The ':/path' syntax is only valid in SCP-style URIs."));
+        }
+      }
+
      switch ($proto) {
        case 'ssh':
        case 'http':