}, {INVENTORY.URL.B<1-9>} and * {INVENTORY.URL.C<1-9>} if set to INVENTORY_URL_MACRO_TRIGGER; * - {INVENTORY.URL.A}, {INVENTORY.URL.B} and {INVENTORY.URL.C} if * set to INVENTORY_URL_MACRO_HOST; * @param bool $options[allow_event_tags_macro] If set to be true, URLs containing {EVENT.TAGS.} macros will * be considered as valid. * @param bool $options[validate_uri_schemes] Parameter allows to overwrite global switch * CSettingsHelper::VALIDATE_URI_SCHEMES for specific uses. * * @return bool */ public static function validate(string $url, array $options = []): bool { $options += [ 'allow_user_macro' => true, 'allow_event_tags_macro' => false, 'allow_inventory_macro' => INVENTORY_URL_MACRO_NONE, 'validate_uri_schemes' => (bool) CSettingsHelper::get(CSettingsHelper::VALIDATE_URI_SCHEMES) ]; if ($options['validate_uri_schemes'] === false) { return true; } if ($options['allow_inventory_macro'] != INVENTORY_URL_MACRO_NONE) { $macro_parser = new CMacroParser([ 'macros' => ['{INVENTORY.URL.A}', '{INVENTORY.URL.B}', '{INVENTORY.URL.C}'], 'ref_type' => ($options['allow_inventory_macro'] == INVENTORY_URL_MACRO_TRIGGER) ? CMacroParser::REFERENCE_NUMERIC : CMacroParser::REFERENCE_NONE ]); // Macros allowed only at the beginning of $url. if ($macro_parser->parse($url, 0) != CParser::PARSE_FAIL) { return true; } } if ($options['allow_event_tags_macro'] === true) { $macro_parser = new CMacroParser([ 'macros' => ['{EVENT.TAGS}'], 'ref_type' => CMacroParser::REFERENCE_ALPHANUMERIC ]); for ($pos = strpos($url, '{'); $pos !== false; $pos = strpos($url, '{', $pos + 1)) { if ($macro_parser->parse($url, $pos) != CParser::PARSE_FAIL) { return true; } } } if ($options['allow_user_macro'] === true) { $user_macro_parser = new CUserMacroParser(); for ($pos = strpos($url, '{'); $pos !== false; $pos = strpos($url, '{', $pos + 1)) { if ($user_macro_parser->parse($url, $pos) != CParser::PARSE_FAIL) { return true; } } } $url_parts = parse_url(preg_replace('/[\r\n\t]/', '', trim($url, "\x00..\x1F\x20"))); if (!$url_parts) { return false; } if (array_key_exists('scheme', $url_parts)) { if (!in_array(strtolower($url_parts['scheme']), explode(',', strtolower(CSettingsHelper::get( CSettingsHelper::URI_VALID_SCHEMES ))))) { return false; } if (array_key_exists('host', $url_parts)) { return true; } return array_key_exists('path', $url_parts) && $url_parts['path'] !== '/'; } return array_key_exists('path', $url_parts) && $url_parts['path'] !== ''; } /** * Verifies that URL will not lead to third party pages. * * @param string $url * * @return bool */ public static function validateSameSite(string $url): bool { $root_path = __DIR__.'/../../../'; preg_match('/^\/?(?[a-z0-9_.]+\.php)(\?.*)?$/i', $url, $url_parts); return array_key_exists('filename', $url_parts) && file_exists($root_path.$url_parts['filename']); } }