authorzotlabs <mike@macgirvin.com>2018-06-17 17:30:09 -0700
committerzotlabs <mike@macgirvin.com>2018-06-17 17:30:09 -0700
commite4ed0f8acd5a994d7098e89e4408698d3b7a6129 (patch)
tree97b8f939bbc669611f1f30d3214dacb59b883bb5
parenteedfb7de3238f202e539407e7c6eaac1838f7015 (diff)
owa: htmlentity encoding encountered in authentication workflow (possibly introduced during Apache mod_rewrite with QSA flag)
-rw-r--r--Zotlabs/Module/Magic.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 4b3a223ba..25c318f30 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -19,7 +19,11 @@ class Magic extends \Zotlabs\Web\Controller {
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
$owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
-
+
+ // Apache(?) appears to perform an htmlentities() operation on this variable
+
+ $dest = html_entity_decode($dest);
+
$parsed = parse_url($dest);
if(! $parsed) {
if($test) {
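Review bot: `html_entity_decode($dest)` at the top of the hunk decodes every entity its default flags cover, not only the `&amp;` that a rewritten query string would plausibly introduce, so a destination carrying `&lt;`, `&gt;` or `&quot;` reaches `parse_url()` and everything after it with raw markup characters. `$dest` is assigned above the hunk and the function continues past it, so whether the value is re-escaped before it is redirected to or echoed cannot be confirmed from here. If the observed problem is only encoded ampersands, narrow the transform to `$dest = str_replace('&amp;', '&', $dest);`. The comment should record the symptom that was actually seen (which entity, in which parameter) rather than the guess about Apache, so the workaround can be removed once the cause is found.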
@@ -139,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller {
if($owa) {
+ $dest = strip_zids($dest);
+ $dest = strip_query_param($dest,'f');
+
$headers = [];
$headers['Accept'] = 'application/x-zot+json' ;
$headers['X-Open-Web-Auth'] = random_string();
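Review bot: The two added calls rewrite `$dest` inside `if($owa)` with no comment saying why `zid` and `f` are dropped on this path only, and `$parsed` from the earlier `parse_url($dest)` is not recomputed afterwards. If code later in this branch reads the query from `$parsed`, it would still see the unstripped values; that code lies outside the hunk, so this is something to confirm rather than a known defect. A one-line comment above `strip_zids($dest)` stating what the cleaned destination is used for would make the ordering dependency on the earlier entity decode visible to the next maintainer.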