From a05c8ff66bd8d09f69f6c59bc49b7627792f4109 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 18 Jul 2018 17:48:23 -0700 Subject: query filter was a bit greedy --- Zotlabs/Module/Magic.php | 1 - boot.php | 3 ++- include/channel.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index e034f1cdf..be6866592 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -21,7 +21,6 @@ class Magic extends \Zotlabs\Web\Controller { $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); - if($bdest) $dest = hex2bin($bdest); diff --git a/boot.php b/boot.php index 3b8347c30..5f833c132 100755 --- a/boot.php +++ b/boot.php @@ -874,11 +874,12 @@ class App { } if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") { - self::$query_string = escape_tags(substr($_SERVER['QUERY_STRING'], 2)); + self::$query_string = str_replace(['<','>'],['<','>'],substr($_SERVER['QUERY_STRING'], 2); // removing trailing / - maybe a nginx problem if (substr(self::$query_string, 0, 1) == "/") self::$query_string = substr(self::$query_string, 1); } + if(x($_GET,'q')) self::$cmd = escape_tags(trim($_GET['q'],'/\\')); diff --git a/include/channel.php b/include/channel.php index 59dd60ea2..d7c5a2511 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1710,7 +1710,7 @@ function zid_init() { // try to avoid recursion - but send them home to do a proper magic auth $query = App::$query_string; $query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); - $dest = '/' . urlencode($query); + $dest = '/' . $query; if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest)); } -- cgit v1.2.3