author | zotlabs <mike@macgirvin.com> | 2018-06-17 17:30:09 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2018-06-17 17:30:09 -0700 |
commit | e4ed0f8acd5a994d7098e89e4408698d3b7a6129 (patch) | |
tree | 97b8f939bbc669611f1f30d3214dacb59b883bb5 /Zotlabs | |
parent | eedfb7de3238f202e539407e7c6eaac1838f7015 (diff) | |
owa: htmlentity encoding encountered in authentication workflow (possibly introduced during Apache mod_rewrite with QSA flag)
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Magic.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 4b3a223ba..25c318f30 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -19,7 +19,11 @@ class Magic extends \Zotlabs\Web\Controller { $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); - + + // Apache(?) appears to perform an htmlentities() operation on this variable + + $dest = html_entity_decode($dest); + $parsed = parse_url($dest); if(! $parsed) { if($test) { @@ -139,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller { if($owa) { + $dest = strip_zids($dest); + $dest = strip_query_param($dest,'f'); + $headers = []; $headers['Accept'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); |
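Review bot: `html_entity_decode($dest)` in the first hunk decodes every HTML entity in what is presumably a request-derived value, not only the `&amp;` a rewritten query string would plausibly introduce, so `&lt;`, `&gt;` and `&quot;` reach `parse_url()` and any later consumer of `$dest` as raw characters. If the observed corruption is limited to ampersands, the narrower `$dest = str_replace('&amp;', '&', $dest);` repairs the workflow without widening the accepted input; otherwise `$dest` should be validated after decoding and escaped again wherever it is emitted. The comment could also record the request shape that triggered the problem, since "Apache(?)" leaves the cause unconfirmed. The assignment of `$dest` and the rest of the method lie outside the hunk, so its later uses are inferred.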
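Review bot: The two calls added at the top of the `if($owa)` branch have no comment saying why the zid values (as the helper name suggests) and the `f` parameter are removed from `$dest`, and `$parsed` was already computed from the unstripped value in the first hunk. A line such as `// drop zid and f from the destination before building the OpenWebAuth request` would state the intent, with the wording confirmed against how `$dest` is used further down, which is outside the hunk. If anything in this branch reads `$parsed['query']`, it would still see the parameters that were just stripped, so either call `parse_url($dest)` again after stripping or note that only the scheme and host are taken from `$parsed`.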