aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2018-07-18 17:05:38 -0700
committerzotlabs <mike@macgirvin.com>2018-07-18 17:05:38 -0700
commit5ce50d0a2e15ae66765a68ba2785a87ecda57f6a (patch)
tree52c5b31392f6ea036420fc1014e4366075710e99 /Zotlabs
parent744d548380fb3df074ce8abb78977ddc344744db (diff)
downloadvolse-hubzilla-5ce50d0a2e15ae66765a68ba2785a87ecda57f6a.tar.gz
volse-hubzilla-5ce50d0a2e15ae66765a68ba2785a87ecda57f6a.tar.bz2
volse-hubzilla-5ce50d0a2e15ae66765a68ba2785a87ecda57f6a.zip
mangled urls on redirects
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Magic.php7
-rw-r--r--Zotlabs/Module/Manage.php2
-rw-r--r--Zotlabs/Module/Nojs.php4
-rw-r--r--Zotlabs/Module/Rmagic.php10
-rw-r--r--Zotlabs/Web/CheckJS.php2
5 files changed, 13 insertions, 12 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 25c318f30..e034f1cdf 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -14,15 +14,16 @@ class Magic extends \Zotlabs\Web\Controller {
logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
+ $bdest = ((x($_REQUEST,'bdest')) ? $_REQUEST['bdest'] : '');
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
$owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
- // Apache(?) appears to perform an htmlentities() operation on this variable
-
- $dest = html_entity_decode($dest);
+
+ if($bdest)
+ $dest = hex2bin($bdest);
$parsed = parse_url($dest);
if(! $parsed) {
diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php
index 9c5c32294..2c88a4df0 100644
--- a/Zotlabs/Module/Manage.php
+++ b/Zotlabs/Module/Manage.php
@@ -156,7 +156,7 @@ class Manage extends \Zotlabs\Web\Controller {
if($delegates) {
for($x = 0; $x < count($delegates); $x ++) {
- $delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url'])
+ $delegates[$x]['link'] = 'magic?f=&bdest=' . bin2hex($delegates[$x]['xchan_url'])
. '&delegate=' . urlencode($delegates[$x]['xchan_addr']);
$delegates[$x]['channel_name'] = $delegates[$x]['xchan_name'];
$delegates[$x]['delegate'] = 1;
diff --git a/Zotlabs/Module/Nojs.php b/Zotlabs/Module/Nojs.php
index 6fd6d8106..5f3d80ecd 100644
--- a/Zotlabs/Module/Nojs.php
+++ b/Zotlabs/Module/Nojs.php
@@ -7,8 +7,8 @@ class Nojs extends \Zotlabs\Web\Controller {
function init() {
$n = ((argc() > 1) ? intval(argv(1)) : 1);
setcookie('jsdisabled', $n, 0, '/');
- $p = $_GET['redir'];
- $hasq = strpos($p,'?');
+ $p = hex2bin($_GET['redir']);
+ $hasq = strpbrk($p,'?&');
goaway(z_root() . (($p) ? '/' . $p : '') . (($hasq) ? '' : '?f=' ) . '&jsdisabled=' . $n);
}
diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php
index bfc03f6ec..33a6689ca 100644
--- a/Zotlabs/Module/Rmagic.php
+++ b/Zotlabs/Module/Rmagic.php
@@ -17,8 +17,8 @@ class Rmagic extends \Zotlabs\Web\Controller {
if($r) {
if($r[0]['hubloc_url'] === z_root())
goaway(z_root() . '/login');
- $dest = z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string);
- goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest);
+ $dest = bin2hex(z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string));
+ goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&bdest=' . $dest);
}
}
}
@@ -59,11 +59,11 @@ class Rmagic extends \Zotlabs\Web\Controller {
if($url) {
if($_SESSION['return_url'])
- $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
+ $dest = bin2hex(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
else
- $dest = urlencode(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string));
+ $dest = bin2hex(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string));
- goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest);
+ goaway($url . '/magic' . '?f=&owa=1&bdest=' . $dest);
}
}
}
diff --git a/Zotlabs/Web/CheckJS.php b/Zotlabs/Web/CheckJS.php
index 8179ceb15..c8547b6dd 100644
--- a/Zotlabs/Web/CheckJS.php
+++ b/Zotlabs/Web/CheckJS.php
@@ -18,7 +18,7 @@ class CheckJS {
$this->jsdisabled = 0;
if(! $this->jsdisabled) {
- $page = urlencode(\App::$query_string);
+ $page = bin2hex(\App::$query_string);
if($test) {
$this->jsdisabled = 1;