bitPickups/friendica_2021.01_tupambae_shared_hosting
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #10463 from annando/proxy-security

Browse source 
Proxy: Avoid access for not logged in users
This commit is contained in:
Hypolite Petovan 2021-07-04 10:12:36 -04:00 committed by GitHub
parent c0579bcad9 24f013a654
commit bedc8e1427
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/Module/Proxy.php
View file

@ -23,6 +23,7 @@ namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\DI;
use Friendica\Model\Photo;
use Friendica\Object\Image;
@ -45,7 +46,7 @@ class Proxy extends BaseModule
* Sets application instance and checks if /proxy/ path is writable.
*
*/
public static function init(array $parameters = [])
public static function rawContent(array $parameters = [])
{
// Set application instance here
$a = DI::app();
@ -89,6 +90,11 @@ class Proxy extends BaseModule
throw new \Friendica\Network\HTTPException\BadRequestException();
}
if (!local_user()) {
Logger::info('Redirecting not logged in user to original address', ['url' => $request['url']]);
System::externalRedirect($request['url']);
}
// Webserver already tried direct cache...
// Try to use filecache;