From 1159dd59edc40b753b9f4fe55165b4ee3c22285d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 3 Nov 2017 14:07:00 -0700 Subject: fix cloud redirects with owt tokens --- include/zid.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'include/zid.php') diff --git a/include/zid.php b/include/zid.php index ce9f70385..5ade6b0f8 100644 --- a/include/zid.php +++ b/include/zid.php @@ -89,10 +89,35 @@ function strip_zids($s) { return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s); } +function strip_owt($s) { + return preg_replace('/[\?&]owt=(.*?)(&|$)/ism','$2',$s); +} + function strip_zats($s) { return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s); } +function strip_auth_query_params() { + + $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = strip_owt($_SERVER['QUERY_STRING']); + + $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = strip_owt($_SERVER['REQUEST_URI']); + + + $_ENV['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['QUERY_STRING']); + $_ENV['QUERY_STRING'] = strip_zids($_ENV['QUERY_STRING']); + $_ENV['QUERY_STRING'] = strip_owt($_ENV['QUERY_STRING']); + + $_ENV['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['REQUEST_URI']); + $_ENV['REQUEST_URI'] = strip_zids($_ENV['REQUEST_URI']); + $_ENV['REQUEST_URI'] = strip_owt($_ENV['REQUEST_URI']); + +} + /** * zidify_callback() and zidify_links() work together to turn any HTML a tags with class="zrl" into zid links -- cgit v1.2.3 From 1a737be2b408135177a9e94dcffd0f68c0aca90b Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Tue, 5 Sep 2017 00:23:42 +0200 Subject: :bulb: Improving Doxygen documentation. Fix some Doxygen parsing errors. Improve hooks documentation. --- include/zid.php | 76 ++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 28 deletions(-) (limited to 'include/zid.php') diff --git a/include/zid.php b/include/zid.php index ce9f70385..084188770 100644 --- a/include/zid.php +++ b/include/zid.php @@ -21,6 +21,7 @@ function is_matrix_url($url) { } $remembered[$m['host']] = false; } + return false; } @@ -32,14 +33,8 @@ function is_matrix_url($url) { * @param boolean $address * $address to use instead of session environment * @return string - * - * @hooks 'zid' - * string url - url to accept zid - * string zid - urlencoded zid - * string result - the return string we calculated, change it if you want to return something else */ - -function zid($s,$address = '') { +function zid($s, $address = '') { if (! strlen($s) || strpos($s,'zid=')) return $s; @@ -74,7 +69,18 @@ function zid($s,$address = '') { if($fragment) $zurl .= '#' . $fragment; - $arr = array('url' => $s, 'zid' => urlencode($myaddr), 'result' => $zurl); + $arr = [ + 'url' => $s, + 'zid' => urlencode($myaddr), + 'result' => $zurl + ]; + /** + * @hooks zid + * Called when adding the observer's zid to a URL. + * * \e string \b url - url to accept zid + * * \e string \b zid - urlencoded zid + * * \e string \b result - the return string we calculated, change it if you want to return something else + */ call_hooks('zid', $arr); return $arr['result']; @@ -100,25 +106,26 @@ function strip_zats($s) { * because the latter is used for general purpose conversions and the former is used only when preparing text for * immediate display. * - * Issues: Currently the order of HTML parameters in the text is somewhat rigid and inflexible. + * @TODO Issues: Currently the order of HTML parameters in the text is somewhat rigid and inflexible. * We assume it looks like \ and will not work if zrl and href appear in a different order. * * @param array $match * @return string */ function zidify_callback($match) { - $is_zid = ((feature_enabled(local_channel(),'sendzid')) || (strpos($match[1],'zrl')) ? true : false); + $is_zid = ((feature_enabled(local_channel(), 'sendzid')) || (strpos($match[1], 'zrl')) ? true : false); $replace = ' $hubloc, 'url' => \App::$query_string, 'session' => $_SESSION); - call_hooks('magic_auth_success',$arr); + $arr = [ + 'xchan' => $hubloc, + 'url' => \App::$query_string, + 'session' => $_SESSION + ]; + /** + * @hooks magic_auth_success + * Called when a magic-auth was successful. + * * \e array \b xchan + * * \e string \b url + * * \e array \b session + */ + call_hooks('magic_auth_success', $arr); + \App::set_observer($hubloc); require_once('include/security.php'); \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); - if(! get_config('system','hide_owa_greeting')) + if(! get_config('system', 'hide_owa_greeting')) info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name'])); - logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); - + logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); } \ No newline at end of file -- cgit v1.2.3 From 7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 5 Nov 2017 19:47:44 -0800 Subject: allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=') --- include/zid.php | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) (limited to 'include/zid.php') diff --git a/include/zid.php b/include/zid.php index 359b1721f..d1a0fa88a 100644 --- a/include/zid.php +++ b/include/zid.php @@ -103,25 +103,14 @@ function strip_zats($s) { return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s); } -function strip_auth_query_params() { - $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']); - $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']); - $_SERVER['QUERY_STRING'] = strip_owt($_SERVER['QUERY_STRING']); - $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']); - $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']); - $_SERVER['REQUEST_URI'] = strip_owt($_SERVER['REQUEST_URI']); - - - $_ENV['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['QUERY_STRING']); - $_ENV['QUERY_STRING'] = strip_zids($_ENV['QUERY_STRING']); - $_ENV['QUERY_STRING'] = strip_owt($_ENV['QUERY_STRING']); - - $_ENV['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['REQUEST_URI']); - $_ENV['REQUEST_URI'] = strip_zids($_ENV['REQUEST_URI']); - $_ENV['REQUEST_URI'] = strip_owt($_ENV['REQUEST_URI']); +function clean_query_string() { + $x = strip_zids(\App::$query_string); + $x = strip_owt($x); + $x = strip_zats($x); + return strip_query_param($x,'f'); } -- cgit v1.2.3 From 2f5990962c9f74d354239aea0153700565155232 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 2 Jan 2018 14:04:43 -0800 Subject: issues with feed parameters --- include/zid.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/zid.php') diff --git a/include/zid.php b/include/zid.php index d1a0fa88a..6ebc9a6ab 100644 --- a/include/zid.php +++ b/include/zid.php @@ -105,8 +105,8 @@ function strip_zats($s) { -function clean_query_string() { - $x = strip_zids(\App::$query_string); +function clean_query_string($s = '') { + $x = strip_zids(($s) ? $s : \App::$query_string); $x = strip_owt($x); $x = strip_zats($x); -- cgit v1.2.3