TYPO3 Core

/**

* Checks if a given URL matches the host, TYPO3 is running on.

*

* Sites are identical if schema, hostname and (optional) port match.

*

* @param string URL to compare with TYPO3 request host

* @return boolean true if given URL matches this host, otherwise false

*/

public static function isAllowedSite($url) {

return ((stripos($url . '/', t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . '/') === 0));

}

?>

/**

* Checks if a given string is a Uniform Resource Locator (URL).

*

* In deviatiom from RFC 3986, only URLs are successfully identified

* that have a server component.

*

* @param string

* @return boolean if given string is a URL true, otherwise false

*/

public static function isURL($url) {

return ((filter_var($url, FILTER_VALIDATE_URL) !== false));

}

<?php

/***************************************************************

* Copyright notice

*

* (c) 2009 Marcus Krause <marcus#expYYYY@t3sec.info>

* All rights reserved

*

* This script is part of the TYPO3 project. The TYPO3 project is

* free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* (at your option) any later version.

*

* The GNU General Public License can be found at

* http://www.gnu.org/copyleft/gpl.html.

*

* This script is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details.

*

* This copyright notice MUST APPEAR in all copies of the script!

***************************************************************/

/**

* Testcase for class t3lib_befunc

*

* @author Marcus Krause <marcus#expYYYY@t3sec.info>

* @package TYPO3

* @subpackage t3lib

*/

class t3lib_befunc_testcase extends tx_phpunit_testcase {

/**

* @test

*/

public function checkIsAllowedSite() {

$testUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST');

$this->assertTrue(t3lib_BEfunc::isAllowedSite($testUrl));

$testUrl = 'http://example.org/';

$this->assertFalse(t3lib_BEfunc::isAllowedSite($testUrl));

$testUrl = 'https://www.example.org:443/';

$this->assertFalse(t3lib_BEfunc::isAllowedSite($testUrl));

$testUrl = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST'), 0, strlen(t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST')) - 1);

$this->assertFalse(t3lib_BEfunc::isAllowedSite($testUrl));

$testUrl = 'https://www.example.org:443/?arg=' . t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST');

$this->assertFalse(t3lib_BEfunc::isAllowedSite($testUrl));

}

}

?>

/**

* @test

*/

public function checkIsUrl() {

$testUrl = 'http://www.example.org/';

$this->assertTrue(t3lib_div::isUrl($testUrl));

$testUrl = 'https://user:pw@www.example.org:80/path?arg=value#fragment';

$this->assertTrue(t3lib_div::isUrl($testUrl));

$testUrl = 'telnet://192.0.2.16:80/';

$this->assertTrue(t3lib_div::isUrl($testUrl));

$testUrl = 'ldap://[2001:db8::7]/c=GB?objectClass?one';

$this->assertTrue(t3lib_div::isUrl($testUrl));

$testUrl = 'file:///etc/passwd';

$this->assertTrue(t3lib_div::isUrl($testUrl));

$testUrl = './relpath/file.txt';

$this->assertFalse(t3lib_div::isUrl($testUrl));

$testUrl = '/abspath/file.txt?arg=value';

$this->assertFalse(t3lib_div::isUrl($testUrl));

$testUrl = 'arbitrary string';

$this->assertFalse(t3lib_div::isUrl($testUrl));

}