. * * The interactive user interfaces in modified source and object code versions * of this program must display Appropriate Legal Notices, as required under * Section 5 of the GNU Affero General Public License version 3. * * In accordance with Section 7(b) of the GNU Affero General Public License version 3, * these Appropriate Legal Notices must retain the display of the "EspoCRM" word. ************************************************************************/ namespace Espo\Tools\UserSecurity\Password\Recovery; use Espo\Core\Exceptions\Forbidden; use Espo\Core\Utils\Config; use Espo\Entities\Portal; use Espo\ORM\EntityManager; class UrlValidator { public function __construct( private Config $config, private EntityManager $entityManager ) {} /** * @throws Forbidden */ public function validate(string $url): void { $siteUrl = rtrim($this->config->get('siteUrl') ?? '', '/'); if (UrlValidatorUtil::validate($url, $siteUrl)) { return; } /** @var iterable $portals */ $portals = $this->entityManager ->getRDBRepositoryByClass(Portal::class) ->find(); foreach ($portals as $portal) { $siteUrl = rtrim($portal->getUrl() ?? '', '/'); if (UrlValidatorUtil::validate($url, $siteUrl)) { return; } } throw new Forbidden("URL does not match Site URL."); } }