diff options
author | zotlabs <mike@macgirvin.com> | 2018-07-18 17:05:38 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2018-07-18 17:05:38 -0700 |
commit | 5ce50d0a2e15ae66765a68ba2785a87ecda57f6a (patch) | |
tree | 52c5b31392f6ea036420fc1014e4366075710e99 /Zotlabs | |
parent | 744d548380fb3df074ce8abb78977ddc344744db (diff) | |
download | volse-hubzilla-5ce50d0a2e15ae66765a68ba2785a87ecda57f6a.tar.gz volse-hubzilla-5ce50d0a2e15ae66765a68ba2785a87ecda57f6a.tar.bz2 volse-hubzilla-5ce50d0a2e15ae66765a68ba2785a87ecda57f6a.zip |
mangled urls on redirects
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Magic.php | 7 | ||||
-rw-r--r-- | Zotlabs/Module/Manage.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Nojs.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Rmagic.php | 10 | ||||
-rw-r--r-- | Zotlabs/Web/CheckJS.php | 2 |
5 files changed, 13 insertions, 12 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 25c318f30..e034f1cdf 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -14,15 +14,16 @@ class Magic extends \Zotlabs\Web\Controller { logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA); $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); + $bdest = ((x($_REQUEST,'bdest')) ? $_REQUEST['bdest'] : ''); $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); - // Apache(?) appears to perform an htmlentities() operation on this variable - - $dest = html_entity_decode($dest); + + if($bdest) + $dest = hex2bin($bdest); $parsed = parse_url($dest); if(! $parsed) { diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php index 9c5c32294..2c88a4df0 100644 --- a/Zotlabs/Module/Manage.php +++ b/Zotlabs/Module/Manage.php @@ -156,7 +156,7 @@ class Manage extends \Zotlabs\Web\Controller { if($delegates) { for($x = 0; $x < count($delegates); $x ++) { - $delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url']) + $delegates[$x]['link'] = 'magic?f=&bdest=' . bin2hex($delegates[$x]['xchan_url']) . '&delegate=' . urlencode($delegates[$x]['xchan_addr']); $delegates[$x]['channel_name'] = $delegates[$x]['xchan_name']; $delegates[$x]['delegate'] = 1; diff --git a/Zotlabs/Module/Nojs.php b/Zotlabs/Module/Nojs.php index 6fd6d8106..5f3d80ecd 100644 --- a/Zotlabs/Module/Nojs.php +++ b/Zotlabs/Module/Nojs.php @@ -7,8 +7,8 @@ class Nojs extends \Zotlabs\Web\Controller { function init() { $n = ((argc() > 1) ? intval(argv(1)) : 1); setcookie('jsdisabled', $n, 0, '/'); - $p = $_GET['redir']; - $hasq = strpos($p,'?'); + $p = hex2bin($_GET['redir']); + $hasq = strpbrk($p,'?&'); goaway(z_root() . (($p) ? '/' . $p : '') . (($hasq) ? '' : '?f=' ) . '&jsdisabled=' . $n); } diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index bfc03f6ec..33a6689ca 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -17,8 +17,8 @@ class Rmagic extends \Zotlabs\Web\Controller { if($r) { if($r[0]['hubloc_url'] === z_root()) goaway(z_root() . '/login'); - $dest = z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string); - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest); + $dest = bin2hex(z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string)); + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&bdest=' . $dest); } } } @@ -59,11 +59,11 @@ class Rmagic extends \Zotlabs\Web\Controller { if($url) { if($_SESSION['return_url']) - $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url'])); + $dest = bin2hex(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url'])); else - $dest = urlencode(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string)); + $dest = bin2hex(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string)); - goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest); + goaway($url . '/magic' . '?f=&owa=1&bdest=' . $dest); } } } diff --git a/Zotlabs/Web/CheckJS.php b/Zotlabs/Web/CheckJS.php index 8179ceb15..c8547b6dd 100644 --- a/Zotlabs/Web/CheckJS.php +++ b/Zotlabs/Web/CheckJS.php @@ -18,7 +18,7 @@ class CheckJS { $this->jsdisabled = 0; if(! $this->jsdisabled) { - $page = urlencode(\App::$query_string); + $page = bin2hex(\App::$query_string); if($test) { $this->jsdisabled = 1; |