From e4ed0f8acd5a994d7098e89e4408698d3b7a6129 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sun, 17 Jun 2018 17:30:09 -0700
Subject: owa: htmlentity encoding encountered in authentication workflow (possibly introduced during Apache mod_rewrite with QSA flag)
---
Zotlabs/Module/Magic.php | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'Zotlabs/Module/Magic.php')
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 4b3a223ba..25c318f30 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -19,7 +19,11 @@ class Magic extends \Zotlabs\Web\Controller {
 $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
 $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
 $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
-
+
+ // Apache(?) appears to perform an htmlentities() operation on this variable
+
+ $dest = html_entity_decode($dest);
+
 $parsed = parse_url($dest);
 if(! $parsed) {
 if($test) {
@@ -139,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller {
 if($owa) {
+ $dest = strip_zids($dest);
+ $dest = strip_query_param($dest,'f');
+
 $headers = [];
 $headers['Accept'] = 'application/x-zot+json' ;
 $headers['X-Open-Web-Auth'] = random_string();
-- cgit v1.2.3
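Review bot: `$dest = html_entity_decode($dest);` runs on every request and decodes the full entity table, not only the `&amp;` separators that the commit message attributes to mod_rewrite with QSA. A destination that legitimately carries an encoded entity inside a query value is altered, and the decoded string can now hold `<`, `>` or `"` that were not literally in the request, so any later place that prints `$dest` into HTML has to escape it again. Because the value goes straight into `parse_url()` and, presumably, into the redirect further down, a narrower repair is safer: `$dest = str_replace('&amp;', '&', $dest);`. The assignment of `$dest` and the rest of the function lie outside this hunk, so whether any earlier filtering was applied to the still-encoded value should be checked there.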
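Review bot: The two stripping calls added at the top of the `if($owa)` branch have no comment, unlike the decode step in the first hunk, and the reason `zid` parameters and `f` must be removed from `$dest` before the OWA request is built is not visible here. A one-line comment would help, for example `// remove zid and f query parameters from $dest before the OWA request`, with the reason filled in by the author. `strip_zids()` and `strip_query_param()` are defined outside this diff, so it cannot be confirmed from the hunk that they cope with a repeated parameter or one still written with `&amp;`; they appear to rely on the entity decoding from the first hunk having run first. The `if($owa)` block continues past the end of the hunk.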