public static function checkURLAllowed($url, array $trustedSites = null)
{
if (empty($url)) {
return '';
}
$url = self::normalizeURL($url);
// get the white list of domains
if ($trustedSites === null) {
$trustedSites = \SimpleSAML_Configuration::getInstance()->getValue('trusted.url.domains', array());
}
// validates the URL's host is among those allowed
if (is_array($trustedSites)) {
assert(is_array($trustedSites));
preg_match('@^https?://([^/]+)@i', $url, $matches);
$hostname = $matches[1];
$self_host = self::getSelfHostWithNonStandardPort();
$trustedRegex = \SimpleSAML_Configuration::getInstance()->getValue('trusted.url.regex', false);
$trusted = false;
if ($trustedRegex) {
// add self host to the white list
$trustedSites[] = preg_quote($self_host);
foreach ($trustedSites as $regex) {
// Add start and end delimiters.
$regex = "@^{$regex}\$@";
if (preg_match($regex, $hostname)) {
$trusted = true;
break;
}
}
} else {
// add self host to the white list
$trustedSites[] = $self_host;
$trusted = in_array($hostname, $trustedSites);
}
// throw exception due to redirection to untrusted site
if (!$trusted) {
throw new \SimpleSAML_Error_Exception('URL not allowed: ' . $url);
}
}
return $url;
}