From e4ed0f8acd5a994d7098e89e4408698d3b7a6129 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 17 Jun 2018 17:30:09 -0700 Subject: owa: htmlentity encoding encountered in authentication workflow (possibly introduced during Apache mod_rewrite with QSA flag) --- Zotlabs/Module/Magic.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 4b3a223ba..25c318f30 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -19,7 +19,11 @@ class Magic extends \Zotlabs\Web\Controller { $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); - + + // Apache(?) appears to perform an htmlentities() operation on this variable + + $dest = html_entity_decode($dest); + $parsed = parse_url($dest); if(! $parsed) { if($test) { @@ -139,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller { if($owa) { + $dest = strip_zids($dest); + $dest = strip_query_param($dest,'f'); + $headers = []; $headers['Accept'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); -- cgit v1.2.3