Пример #1
        /// <summary>
        /// Decides whether <paramref name="urlString"/> may be used as a navigation target.
        /// </summary>
        /// <remarks>
        /// The URL is rejected when it is null or empty, when <c>Utilities.TryParseUri</c> returns null,
        /// or when its scheme is empty, fails <see cref="Uri.CheckSchemeName"/>, or is refused by
        /// <c>TextConvertersInternalHelpers.IsUrlSchemaSafe</c>. An http/https URL must additionally pass
        /// <c>Redir.CheckHostNameWithHttpHost</c> against the request's <c>HTTP_HOST</c> server variable.
        /// Any other scheme that passed the scheme checks is accepted with no host comparison.
        /// </remarks>
        /// <param name="urlString">Candidate URL, treated as untrusted input.</param>
        /// <param name="httpRequest">Current request; only read when the scheme is http or https.</param>
        /// <returns><c>true</c> when every applicable check passes; otherwise <c>false</c>.</returns>
        internal static bool IsSafeUrl(string urlString, HttpRequest httpRequest)
        {
            if (string.IsNullOrEmpty(urlString))
            {
                return false;
            }

            Uri parsedUrl = Utilities.TryParseUri(urlString);
            if (parsedUrl == null)
            {
                return false;
            }

            // NOTE(review): Uri.Scheme throws for a relative Uri; presumably TryParseUri only
            // hands back absolute URIs — confirm against its implementation.
            string scheme = parsedUrl.Scheme;

            // Short-circuit order matters: the syntactic check runs before the allow-list check.
            bool schemeAccepted = !string.IsNullOrEmpty(scheme)
                                  && Uri.CheckSchemeName(scheme)
                                  && TextConvertersInternalHelpers.IsUrlSchemaSafe(scheme);
            if (!schemeAccepted)
            {
                return false;
            }

            if (!Redir.IsHttpOrHttps(scheme))
            {
                // Non-web schemes that survived the scheme checks are trusted as-is.
                return true;
            }

            // NOTE(review): HTTP_HOST reflects the client-supplied Host header, so this comparison
            // is only as strong as whatever validates that header upstream — confirm the front end
            // rejects unexpected host names.
            string hostHeader = httpRequest.ServerVariables["HTTP_HOST"];
            if (string.IsNullOrEmpty(hostHeader))
            {
                return false;
            }

            return Redir.CheckHostNameWithHttpHost(urlString, parsedUrl, hostHeader);
        }
Пример #2
        /// <summary>
        /// Maps a caller-supplied SharePoint (http/https) or UNC (file) URI onto an application URL
        /// that opens the matching document library, folder, or document.
        /// </summary>
        /// <remarks>
        /// Every gate below fails closed by returning <c>null</c>: basic experience, an unparsable URI,
        /// a missing scheme or host, an untrusted protocol, a non-internal or blocked host, documents
        /// access being disabled, the per-scheme WSS/UNC navigation policy, and a failed or
        /// unrecognised classification of the URI.
        /// </remarks>
        /// <param name="uriParam">Requested target URI, treated as untrusted input.</param>
        /// <param name="errorInformation">Set to <c>null</c> on every path through this method.</param>
        /// <returns>
        /// The URL to navigate to, or <c>null</c> when the target is not permitted or not recognised.
        /// </returns>
        private string TryNavigateToInternalWssUnc(string uriParam, out ErrorInformation errorInformation)
        {
            errorInformation = null;

            if (base.UserContext.IsBasicExperience)
            {
                return null;
            }

            Uri target = Utilities.TryParseUri(uriParam);
            if (target == null || string.IsNullOrEmpty(target.Scheme) || string.IsNullOrEmpty(target.Host))
            {
                return null;
            }

            // Allow/deny gates, in order: protocol, internal host, blocked-host list, feature policy.
            if (!DocumentLibraryUtilities.IsTrustedProtocol(target.Scheme))
            {
                return null;
            }
            if (!DocumentLibraryUtilities.IsInternalUri(target.Host, base.UserContext))
            {
                return null;
            }
            if (DocumentLibraryUtilities.IsBlockedHostName(target.Host, base.UserContext))
            {
                return null;
            }
            if (!DocumentLibraryUtilities.IsDocumentsAccessEnabled(base.UserContext))
            {
                return null;
            }

            // Both policy lookups run before either is consulted.
            bool wssNavigationAllowed = DocumentLibraryUtilities.IsNavigationToWSSAllowed(base.UserContext);
            bool uncNavigationAllowed = DocumentLibraryUtilities.IsNavigationToUNCAllowed(base.UserContext);
            bool isWebScheme = Redir.IsHttpOrHttps(target.Scheme);
            bool isFileScheme = string.Equals(target.Scheme, Uri.UriSchemeFile, StringComparison.OrdinalIgnoreCase);

            if (isWebScheme && !wssNavigationAllowed)
            {
                return null;
            }
            if (isFileScheme && !uncNavigationAllowed)
            {
                return null;
            }

            ClassifyResult classification = DocumentLibraryUtilities.GetDocumentLibraryObjectId(target, base.UserContext);
            if (classification == null || classification.Error != ClassificationError.None)
            {
                return null;
            }

            DocumentLibraryObjectId libraryObjectId = classification.ObjectId;
            if (libraryObjectId == null)
            {
                return null;
            }
            if (libraryObjectId.UriFlags == UriFlags.Other)
            {
                return null;
            }

            UriFlags kind = libraryObjectId.UriFlags;
            bool isSharepointDocument = (kind & UriFlags.SharepointDocument) == UriFlags.SharepointDocument;
            bool isUncDocument = (kind & UriFlags.UncDocument) == UriFlags.UncDocument;

            bool isContainer = (kind & UriFlags.DocumentLibrary) == UriFlags.DocumentLibrary
                               || (kind & UriFlags.Folder) == UriFlags.Folder
                               || kind == UriFlags.Sharepoint
                               || kind == UriFlags.Unc;

            // NOTE(review): the gates above inspect the parsed Uri, while the URLs below forward the
            // raw uriParam string (URL-encoded). Presumably the receiving handler parses and checks
            // it again — confirm, since two parsers can disagree about the same string.
            if (isContainer)
            {
                return OwaUrl.ApplicationRoot.GetExplicitUrl(base.OwaContext)
                       + "?ae=Folder&t=IPF.DocumentLibrary&id="
                       + Utilities.UrlEncode(libraryObjectId.ToBase64String())
                       + "&URL="
                       + Utilities.UrlEncode(uriParam);
            }

            if (!isSharepointDocument && !isUncDocument)
            {
                return null;
            }

            // IsBasicExperience is read again here even though it was already checked on entry.
            bool openInWebReady = !base.UserContext.IsBasicExperience
                                  && DocumentLibraryUtilities.IsWebReadyDocument(libraryObjectId, base.UserContext);

            if (isSharepointDocument)
            {
                if (openInWebReady)
                {
                    this.openWebReadyForm = true;
                    return string.Concat(new string[]
                    {
                        "WebReadyView.aspx?t=wss&id=",
                        Utilities.UrlEncode(libraryObjectId.ToBase64String()),
                        "&URL=",
                        Utilities.UrlEncode(uriParam)
                    });
                }

                // GetDoc event URL; the canary request parameter is appended last.
                return "ev.owa?ns=SharepointDocument&ev=GetDoc&id="
                       + Utilities.UrlEncode(libraryObjectId.ToBase64String())
                       + "&URL="
                       + Utilities.UrlEncode(uriParam)
                       + Utilities.GetCanaryRequestParameter();
            }

            if (openInWebReady)
            {
                this.openWebReadyForm = true;
                return string.Concat(new string[]
                {
                    "WebReadyView.aspx?t=unc&id=",
                    Utilities.UrlEncode(libraryObjectId.ToBase64String()),
                    "&URL=",
                    Utilities.UrlEncode(uriParam)
                });
            }

            // GetDoc event URL; the canary request parameter is appended last.
            return "ev.owa?ns=UncDocument&ev=GetDoc&id="
                   + Utilities.UrlEncode(libraryObjectId.ToBase64String())
                   + "&URL="
                   + Utilities.UrlEncode(uriParam)
                   + Utilities.GetCanaryRequestParameter();
        }