/// <summary>
/// Decides whether <paramref name="urlString"/> may be used as a navigation target.
/// </summary>
/// <param name="urlString">Candidate URL as received from the caller; treated as untrusted.</param>
/// <param name="httpRequest">
/// Current request. Only read (for its <c>HTTP_HOST</c> server variable) when the URL scheme is http or https.
/// </param>
/// <returns>
/// <c>false</c> when the URL is empty, does not parse, has no scheme, or has a scheme rejected by
/// <see cref="Uri.CheckSchemeName"/> or <c>TextConvertersInternalHelpers.IsUrlSchemaSafe</c>.
/// For http/https the result is that of <c>Redir.CheckHostNameWithHttpHost</c> against the request host.
/// Any other accepted scheme yields <c>true</c>.
/// </returns>
/// <remarks>
/// Security notes for reviewers:
/// - Accepted non-http(s) schemes are returned as safe with no host check, so the set of schemes
///   allowed by <c>IsUrlSchemaSafe</c> (not visible here) is the only control for them.
/// - <c>HTTP_HOST</c> mirrors the request's Host header, which the client supplies. The comparison
///   is only as trustworthy as whatever upstream binding or proxy constrains that header.
/// - A URL that fails any check must be treated as rejected by the caller; this method does not sanitize.
/// </remarks>
internal static bool IsSafeUrl(string urlString, HttpRequest httpRequest)
{
    if (string.IsNullOrEmpty(urlString))
    {
        return false;
    }

    Uri parsedUri = Utilities.TryParseUri(urlString);
    if (parsedUri == null)
    {
        return false;
    }

    // NOTE(review): Uri.Scheme throws for relative URIs; presumably TryParseUri only
    // returns absolute URIs. Confirm against its implementation.
    string scheme = parsedUri.Scheme;
    if (string.IsNullOrEmpty(scheme))
    {
        return false;
    }

    // Both checks must pass; the second is skipped when the first fails.
    bool schemeAccepted = Uri.CheckSchemeName(scheme) && TextConvertersInternalHelpers.IsUrlSchemaSafe(scheme);
    if (!schemeAccepted)
    {
        return false;
    }

    if (!Redir.IsHttpOrHttps(scheme))
    {
        // No host validation is applied to non-web schemes.
        return true;
    }

    // NOTE(review): httpRequest is dereferenced without a null check on this path.
    string requestHost = httpRequest.ServerVariables["HTTP_HOST"];
    if (string.IsNullOrEmpty(requestHost))
    {
        // Fail closed when there is no host to compare against.
        return false;
    }

    return Redir.CheckHostNameWithHttpHost(urlString, parsedUri, requestHost);
}
/// <summary>
/// Tries to map a requested SharePoint (http/https) or UNC (file) URI onto an in-application
/// document-library URL instead of navigating to the original target.
/// </summary>
/// <param name="uriParam">Requested URI as received; treated as untrusted and only emitted URL-encoded.</param>
/// <param name="errorInformation">Always set to <c>null</c> by this method.</param>
/// <returns>
/// The application URL to navigate to, or <c>null</c> when the URI is not handled here
/// (basic experience, unparsable URI, failed policy check, or unrecognised classification).
/// </returns>
/// <remarks>
/// Every policy gate returns <c>null</c> on failure, so the method fails closed. Callers must not
/// read <c>null</c> as approval of the original URI. Sets <c>openWebReadyForm</c> when a
/// WebReady view URL is returned.
/// </remarks>
private string TryNavigateToInternalWssUnc(string uriParam, out ErrorInformation errorInformation)
{
    errorInformation = null;

    if (base.UserContext.IsBasicExperience)
    {
        return null;
    }

    Uri target = Utilities.TryParseUri(uriParam);
    if (target == null)
    {
        return null;
    }

    // NOTE(review): Uri.Scheme and Uri.Host throw for relative URIs; presumably TryParseUri only
    // returns absolute URIs. Confirm against its implementation.
    if (string.IsNullOrEmpty(target.Scheme) || string.IsNullOrEmpty(target.Host))
    {
        return null;
    }

    // Policy gates, evaluated in this order: protocol allow-list, internal-host check,
    // host block-list, then the documents-access switch.
    if (!DocumentLibraryUtilities.IsTrustedProtocol(target.Scheme))
    {
        return null;
    }

    if (!DocumentLibraryUtilities.IsInternalUri(target.Host, base.UserContext))
    {
        return null;
    }

    if (DocumentLibraryUtilities.IsBlockedHostName(target.Host, base.UserContext))
    {
        return null;
    }

    if (!DocumentLibraryUtilities.IsDocumentsAccessEnabled(base.UserContext))
    {
        return null;
    }

    // Per-source policy: http/https requires WSS navigation, file requires UNC navigation.
    bool wssAllowed = DocumentLibraryUtilities.IsNavigationToWSSAllowed(base.UserContext);
    bool uncAllowed = DocumentLibraryUtilities.IsNavigationToUNCAllowed(base.UserContext);
    bool isWebScheme = Redir.IsHttpOrHttps(target.Scheme);
    bool isFileScheme = string.Equals(target.Scheme, Uri.UriSchemeFile, StringComparison.OrdinalIgnoreCase);
    if (isWebScheme && !wssAllowed)
    {
        return null;
    }

    if (isFileScheme && !uncAllowed)
    {
        return null;
    }

    ClassifyResult classification = DocumentLibraryUtilities.GetDocumentLibraryObjectId(target, base.UserContext);
    if (classification == null || classification.Error != ClassificationError.None)
    {
        return null;
    }

    DocumentLibraryObjectId objectId = classification.ObjectId;
    if (objectId == null)
    {
        return null;
    }

    if (objectId.UriFlags == UriFlags.Other)
    {
        return null;
    }

    UriFlags kind = objectId.UriFlags;

    // Containers (library, folder, or a bare SharePoint/UNC root) open in the folder view.
    bool isContainer =
        (kind & UriFlags.DocumentLibrary) == UriFlags.DocumentLibrary
        || (kind & UriFlags.Folder) == UriFlags.Folder
        || kind == UriFlags.Sharepoint
        || kind == UriFlags.Unc;
    if (isContainer)
    {
        string appRoot = OwaUrl.ApplicationRoot.GetExplicitUrl(base.OwaContext);
        string folderId = Utilities.UrlEncode(objectId.ToBase64String());
        string folderUrl = Utilities.UrlEncode(uriParam);
        return appRoot + "?ae=Folder&t=IPF.DocumentLibrary&id=" + folderId + "&URL=" + folderUrl;
    }

    bool isSharepointDocument = (kind & UriFlags.SharepointDocument) == UriFlags.SharepointDocument;
    bool isUncDocument = (kind & UriFlags.UncDocument) == UriFlags.UncDocument;
    if (!isSharepointDocument && !isUncDocument)
    {
        return null;
    }

    // SharePoint takes precedence when both document flags are set.
    string webReadyPrefix = isSharepointDocument
        ? "WebReadyView.aspx?t=wss&id="
        : "WebReadyView.aspx?t=unc&id=";
    string getDocPrefix = isSharepointDocument
        ? "ev.owa?ns=SharepointDocument&ev=GetDoc&id="
        : "ev.owa?ns=UncDocument&ev=GetDoc&id=";

    // The basic-experience test repeats the guard at the top of the method.
    if (!base.UserContext.IsBasicExperience && DocumentLibraryUtilities.IsWebReadyDocument(objectId, base.UserContext))
    {
        this.openWebReadyForm = true;
        string viewId = Utilities.UrlEncode(objectId.ToBase64String());
        string viewUrl = Utilities.UrlEncode(uriParam);
        return webReadyPrefix + viewId + "&URL=" + viewUrl;
    }

    // The object id and the caller-supplied URI are URL-encoded before being placed in the query string.
    string documentId = Utilities.UrlEncode(objectId.ToBase64String());
    string documentUrl = Utilities.UrlEncode(uriParam);

    // Presumably the canary is the request-forgery token expected by ev.owa handlers. Confirm.
    string canary = Utilities.GetCanaryRequestParameter();
    return getDocPrefix + documentId + "&URL=" + documentUrl + canary;
}