Merge pull request #5907 from nupplaphil/goaway_to_redirectto

Replaced goaway() with System::redirect()

boot.php

@@ -598,21 +598,6 @@ function killme()
 	exit();
 }
 
-/**
- * @brief Redirect to another URL and terminate this process.
- */
-function goaway($path = '')
-{
-	if (strstr(normalise_link($path), 'http://')) {
-		$url = $path;
-	} else {
-		$url = System::baseUrl() . '/' . ltrim($path, '/');
-	}
-
-	header("Location: $url");
-	killme();
-}
-
 /**
  * @brief Returns the user id of locally logged in user or false.
  *

include/api.php

@@ -4809,7 +4809,8 @@ function api_friendica_remoteauth()
 
 	logger($contact['name'] . ' ' . $sec, LOGGER_DEBUG);
 	$dest = ($url ? '&destination_url=' . $url : '');
-	goaway(
+
+	System::externalRedirect(
 		$contact['poll'] . '?dfrn_id=' . $dfrn_id
 		. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
 		. '&type=profile&sec=' . $sec . $dest

include/conversation.php

@@ -534,7 +534,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o
 	$page_dropping = ((local_user() && local_user() == $profile_owner) ? true : false);
 
 	if (!$update) {
-		$_SESSION['return_url'] = $a->query_string;
+		$_SESSION['return_path'] = $a->query_string;
 	}
 
 	$cb = ['items' => $items, 'mode' => $mode, 'update' => $update, 'preview' => $preview];

include/items.php

@@ -354,7 +354,7 @@ function drop_item($id)
 
 	if (!DBA::isResult($item)) {
 		notice(L10n::t('Item not found.') . EOL);
-		goaway('/network');
+		$a->internalRedirect('network');
 	}
 
 	if ($item['deleted']) {
@@ -401,17 +401,17 @@ function drop_item($id)
 		}
 		// Now check how the user responded to the confirmation query
 		if (!empty($_REQUEST['canceled'])) {
-			goaway('/display/' . $item['guid']);
+			$a->internalRedirect('display/' . $item['guid']);
 		}
 
 		// delete the item
 		Item::deleteForUser(['id' => $item['id']], local_user());
 
-		goaway('/network');
+		$a->internalRedirect('network');
 		//NOTREACHED
 	} else {
 		notice(L10n::t('Permission denied.') . EOL);
-		goaway('/display/' . $item['guid']);
+		$a->internalRedirect('display/' . $item['guid']);
 		//NOTREACHED
 	}
 }

mod/admin.php

@@ -82,7 +82,7 @@ function admin_post(App $a)
 					if ($a->isAjax()) {
 						return;
 					}
-					goaway('admin/');
+					$a->internalRedirect('admin/');
 					return;
 				}
 
@@ -135,7 +135,7 @@ function admin_post(App $a)
 		}
 	}
 
-	goaway($return_path);
+	$a->internalRedirect($return_path);
 	return; // NOTREACHED
 }
 
@@ -340,7 +340,7 @@ function admin_page_tos_post(App $a)
 	Config::set('system', 'tosprivstatement', $displayprivstatement);
 	Config::set('system', 'tostext', $tostext);
 
-	goaway('admin/tos');
+	$a->internalRedirect('admin/tos');
 
 	return; // NOTREACHED
 }
@@ -429,7 +429,7 @@ function admin_page_blocklist_post(App $a)
 		Config::set('system', 'blocklist', $blocklist);
 		info(L10n::t('Site blocklist updated.') . EOL);
 	}
-	goaway('admin/blocklist');
+	$a->internalRedirect('admin/blocklist');
 
 	return; // NOTREACHED
 }
@@ -461,7 +461,7 @@ function admin_page_contactblock_post(App $a)
 		}
 		notice(L10n::tt("%s contact unblocked", "%s contacts unblocked", count($contacts)));
 	}
-	goaway('admin/contactblock');
+	$a->internalRedirect('admin/contactblock');
 	return; // NOTREACHED
 }
 
@@ -569,7 +569,7 @@ function admin_page_deleteitem_post(App $a)
 	}
 
 	info(L10n::t('Item marked for deletion.') . EOL);
-	goaway('admin/deleteitem');
+	$a->internalRedirect('admin/deleteitem');
 	return; // NOTREACHED
 }
 
@@ -965,7 +965,7 @@ function admin_page_site_post(App $a)
 		$parsed = @parse_url($new_url);
 		if (!is_array($parsed) || !x($parsed, 'host') || !x($parsed, 'scheme')) {
 			notice(L10n::t("Can not parse base url. Must have at least <scheme>://<domain>"));
-			goaway('admin/site');
+			$a->internalRedirect('admin/site');
 		}
 
 		/* steps:
@@ -973,13 +973,13 @@ function admin_page_site_post(App $a)
 		 * send relocate for every local user
 		 * */
 
-		$old_url = System::baseUrl(true);
+		$old_url = $a->getBaseURL(true);
 
 		// Generate host names for relocation the addresses in the format user@address.tld
 		$new_host = str_replace("http://", "@", normalise_link($new_url));
 		$old_host = str_replace("http://", "@", normalise_link($old_url));
 
-		function update_table($table_name, $fields, $old_url, $new_url)
+		function update_table(App $a, $table_name, $fields, $old_url, $new_url)
 		{
 			$dbold = DBA::escape($old_url);
 			$dbnew = DBA::escape($new_url);
@@ -995,20 +995,20 @@ function admin_page_site_post(App $a)
 
 			if (!DBA::isResult($r)) {
 				notice("Failed updating '$table_name': " . DBA::errorMessage());
-				goaway('admin/site');
+				$a->internalRedirect('admin/site');
 			}
 		}
 		// update tables
 		// update profile links in the format "http://server.tld"
-		update_table("profile", ['photo', 'thumb'], $old_url, $new_url);
+		update_table($a, "profile", ['photo', 'thumb'], $old_url, $new_url);
-		update_table("term", ['url'], $old_url, $new_url);
+		update_table($a, "term", ['url'], $old_url, $new_url);
-		update_table("contact", ['photo', 'thumb', 'micro', 'url', 'nurl', 'alias', 'request', 'notify', 'poll', 'confirm', 'poco', 'avatar'], $old_url, $new_url);
+		update_table($a, "contact", ['photo', 'thumb', 'micro', 'url', 'nurl', 'alias', 'request', 'notify', 'poll', 'confirm', 'poco', 'avatar'], $old_url, $new_url);
-		update_table("gcontact", ['url', 'nurl', 'photo', 'server_url', 'notify', 'alias'], $old_url, $new_url);
+		update_table($a, "gcontact", ['url', 'nurl', 'photo', 'server_url', 'notify', 'alias'], $old_url, $new_url);
-		update_table("item", ['owner-link', 'author-link', 'body', 'plink', 'tag'], $old_url, $new_url);
+		update_table($a, "item", ['owner-link', 'author-link', 'body', 'plink', 'tag'], $old_url, $new_url);
 
 		// update profile addresses in the format "user@server.tld"
-		update_table("contact", ['addr'], $old_host, $new_host);
+		update_table($a, "contact", ['addr'], $old_host, $new_host);
-		update_table("gcontact", ['connect', 'addr'], $old_host, $new_host);
+		update_table($a, "gcontact", ['connect', 'addr'], $old_host, $new_host);
 
 		// update config
 		Config::set('system', 'hostname', parse_url($new_url,  PHP_URL_HOST));
@@ -1024,7 +1024,7 @@ function admin_page_site_post(App $a)
 
 		info("Relocation started. Could take a while to complete.");
 
-		goaway('admin/site');
+		$a->internalRedirect('admin/site');
 	}
 	// end relocate
 
@@ -1298,7 +1298,7 @@ function admin_page_site_post(App $a)
 	Config::set('system', 'rino_encrypt', $rino);
 
 	info(L10n::t('Site settings updated.') . EOL);
-	goaway('admin/site');
+	$a->internalRedirect('admin/site');
 	return; // NOTREACHED
 }
 
@@ -1570,7 +1570,7 @@ function admin_page_dbsync(App $a)
 			Config::set('system', 'build', intval($curr) + 1);
 		}
 		info(L10n::t('Update has been marked successful') . EOL);
-		goaway('admin/dbsync');
+		$a->internalRedirect('admin/dbsync');
 	}
 
 	if (($a->argc > 2) && (intval($a->argv[2]) || ($a->argv[2] === 'check'))) {
@@ -1745,7 +1745,7 @@ function admin_page_users_post(App $a)
 			user_deny($hash);
 		}
 	}
-	goaway('admin/users');
+	$a->internalRedirect('admin/users');
 	return; // NOTREACHED
 }
 
@@ -1768,7 +1768,7 @@ function admin_page_users(App $a)
 		$user = DBA::selectFirst('user', ['username', 'blocked'], ['uid' => $uid]);
 		if (!DBA::isResult($user)) {
 			notice('User not found' . EOL);
-			goaway('admin/users');
+			$a->internalRedirect('admin/users');
 			return ''; // NOTREACHED
 		}
 		switch ($a->argv[2]) {
@@ -1788,7 +1788,7 @@ function admin_page_users(App $a)
 				notice(sprintf(($user['blocked'] ? L10n::t("User '%s' unblocked") : L10n::t("User '%s' blocked")), $user['username']) . EOL);
 				break;
 		}
-		goaway('admin/users');
+		$a->internalRedirect('admin/users');
 		return ''; // NOTREACHED
 	}
 
@@ -1986,7 +1986,7 @@ function admin_page_addons(App $a)
 				info(L10n::t("Addon %s enabled.", $addon));
 			}
 			Config::set("system", "addon", implode(", ", $a->addons));
-			goaway('admin/addons');
+			$a->internalRedirect('admin/addons');
 			return ''; // NOTREACHED
 		}
 
@@ -2020,7 +2020,7 @@ function admin_page_addons(App $a)
 			'$page' => L10n::t('Addons'),
 			'$toggle' => L10n::t('Toggle'),
 			'$settings' => L10n::t('Settings'),
-			'$baseurl' => System::baseUrl(true),
+			'$baseurl' => $a->getBaseURL(true),
 
 			'$addon' => $addon,
 			'$status' => $status,
@@ -2042,10 +2042,10 @@ function admin_page_addons(App $a)
 	 * List addons
 	 */
 	if (x($_GET, "a") && $_GET['a'] == "r") {
-		BaseModule::checkFormSecurityTokenRedirectOnError(System::baseUrl() . '/admin/addons', 'admin_themes', 't');
+		BaseModule::checkFormSecurityTokenRedirectOnError($a->getBaseURL() . '/admin/addons', 'admin_themes', 't');
 		Addon::reload();
 		info("Addons reloaded");
-		goaway(System::baseUrl() . '/admin/addons');
+		$a->internalRedirect('admin/addons');
 	}
 
 	$addons = [];
@@ -2235,7 +2235,7 @@ function admin_page_themes(App $a)
 			}
 
 			Config::set('system', 'allowed_themes', $s);
-			goaway('admin/themes');
+			$a->internalRedirect('admin/themes');
 			return ''; // NOTREACHED
 		}
 
@@ -2316,7 +2316,7 @@ function admin_page_themes(App $a)
 			}
 		}
 		info("Themes reloaded");
-		goaway(System::baseUrl() . '/admin/themes');
+		$a->internalRedirect('admin/themes');
 	}
 
 	/*
@@ -2365,7 +2365,7 @@ function admin_page_logs_post(App $a)
 	}
 
 	info(L10n::t("Log settings updated."));
-	goaway('admin/logs');
+	$a->internalRedirect('admin/logs');
 	return; // NOTREACHED
 }
 
@@ -2513,7 +2513,7 @@ function admin_page_features_post(App $a)
 		}
 	}
 
-	goaway('admin/features');
+	$a->internalRedirect('admin/features');
 	return; // NOTREACHED
 }
 

mod/api.php

@@ -5,6 +5,7 @@
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
+use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Module\Login;
 
@@ -76,7 +77,7 @@ function api_content(App $a)
 				if (strstr($consumer->callback_url, $glue)) {
 					$glue = "?";
 				}
-				goaway($consumer->callback_url . $glue . "oauth_token=" . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuthUtil::urlencode_rfc3986($verifier));
+				$a->internalRedirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));
 				killme();
 			}
 

mod/cal.php

@@ -301,7 +301,7 @@ function cal_content(App $a)
 		// Respect the export feature setting for all other /cal pages if it's not the own profile
 		if ((local_user() !== intval($owner_uid)) && !Feature::isEnabled($owner_uid, "export_calendar")) {
 			notice(L10n::t('Permission denied.') . EOL);
-			goaway('cal/' . $nick);
+			$a->internalRedirect('cal/' . $nick);
 		}
 
 		// Get the export data by uid
@@ -322,7 +322,7 @@ function cal_content(App $a)
 				$return_path = "cal/" . $nick;
 			}
 
-			goaway($return_path);
+			$a->internalRedirect($return_path);
 		}
 
 		// If nothing went wrong we can echo the export content

mod/delegate.php

@@ -62,7 +62,7 @@ function delegate_content(App $a)
 	if ($a->argc > 2 && $a->argv[1] === 'add' && intval($a->argv[2])) {
 		// delegated admins can view but not change delegation permissions
 		if (x($_SESSION, 'submanage')) {
-			goaway(System::baseUrl() . '/delegate');
+			$a->internalRedirect('delegate');
 		}
 
 		$user_id = $a->argv[2];
@@ -77,17 +77,17 @@ function delegate_content(App $a)
 				DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]);
 			}
 		}
-		goaway(System::baseUrl() . '/delegate');
+		$a->internalRedirect('delegate');
 	}
 
 	if ($a->argc > 2 && $a->argv[1] === 'remove' && intval($a->argv[2])) {
 		// delegated admins can view but not change delegation permissions
 		if (x($_SESSION, 'submanage')) {
-			goaway(System::baseUrl() . '/delegate');
+			$a->internalRedirect('delegate');
 		}
 
 		DBA::delete('manage', ['uid' => $a->argv[2], 'mid' => local_user()]);
-		goaway(System::baseUrl() . '/delegate');
+		$a->internalRedirect('delegate');
 	}
 
 	// find everybody that currently has delegated management to this account/page

mod/dfrn_confirm.php

@@ -400,7 +400,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 		// Let's send our user to the contact editor in case they want to
 		// do anything special with this new friend.
 		if ($handsfree === null) {
-			goaway(System::baseUrl() . '/contact/' . intval($contact_id));
+			$a->internalRedirect('contact/' . intval($contact_id));
 		} else {
 			return;
 		}
@@ -620,6 +620,6 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 	}
 
 	// somebody arrived here by mistake or they are fishing. Send them to the homepage.
-	goaway(System::baseUrl());
+	$a->internalRedirect();
 	// NOTREACHED
 }

mod/dfrn_poll.php

@@ -90,7 +90,7 @@ function dfrn_poll_init(App $a)
 				$my_id = '0:' . $dfrn_id;
 				break;
 			default:
-				goaway(System::baseUrl());
+				$a->internalRedirect();
 				break; // NOTREACHED
 		}
 
@@ -109,7 +109,7 @@ function dfrn_poll_init(App $a)
 			if (strlen($s)) {
 				$xml = XML::parseString($s);
 
-				if ((int) $xml->status === 1) {
+				if ((int)$xml->status === 1) {
 					$_SESSION['authenticated'] = 1;
 					if (!x($_SESSION, 'remote')) {
 						$_SESSION['remote'] = [];
@@ -135,10 +135,15 @@ function dfrn_poll_init(App $a)
 					);
 				}
 			}
-			$profile = $r[0]['nickname'];
+
-			goaway((strlen($destination_url)) ? $destination_url : System::baseUrl() . '/profile/' . $profile);
+			$profile = (count($r) > 0 && isset($r[0]['nickname']) ? $r[0]['nickname'] : '');
+			if (!empty($destination_url)) {
+				System::externalRedirect($destination_url);
+			} else {
+				$a->internalRedirect('profile/' . $profile);
+			}
 		}
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 	}
 
 	if ($type === 'profile-check' && $dfrn_version < 2.2) {
@@ -325,7 +330,7 @@ function dfrn_poll_post(App $a)
 			$my_id = '0:' . $dfrn_id;
 			break;
 		default:
-			goaway(System::baseUrl());
+			$a->internalRedirect();
 			break; // NOTREACHED
 	}
 
@@ -446,7 +451,7 @@ function dfrn_poll_content(App $a)
 				$my_id = '0:' . $dfrn_id;
 				break;
 			default:
-				goaway(System::baseUrl());
+				$a->internalRedirect();
 				break; // NOTREACHED
 		}
 
@@ -505,25 +510,6 @@ function dfrn_poll_content(App $a)
 				])->getBody();
 			}
 
-			$profile = ((DBA::isResult($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
-
-			switch ($destination_url) {
-				case 'profile':
-					$dest = System::baseUrl() . '/profile/' . $profile . '?f=&tab=profile';
-					break;
-				case 'photos':
-					$dest = System::baseUrl() . '/photos/' . $profile;
-					break;
-				case 'status':
-				case '':
-					$dest = System::baseUrl() . '/profile/' . $profile;
-					break;
-				default:
-					$appendix = (strstr($destination_url, '?') ? '&f=&redir=1' : '?f=&redir=1');
-					$dest = $destination_url . $appendix;
-					break;
-			}
-
 			logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);
 
 			if (strlen($s) && strstr($s, '<?xml')) {
@@ -557,10 +543,26 @@ function dfrn_poll_content(App $a)
 						DBA::escape($session_id)
 					);
 				}
-
-				goaway($dest);
 			}
-			goaway($dest);
+
+			$profile = ((DBA::isResult($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
+
+			switch ($destination_url) {
+				case 'profile':
+					$a->internalRedirect('profile/' . $profile . '?f=&tab=profile';
+					break;
+				case 'photos':
+					$a->internalRedirect('photos/' . $profile;
+					break;
+				case 'status':
+				case '':
+					$a->internalRedirect('profile/' . $profile;
+					break;
+				default:
+					$appendix = (strstr($destination_url, '?') ? '&f=&redir=1' : '?f=&redir=1');
+					System::externalRedirect($destination_url . $appendix);
+					break;
+			}
 			// NOTREACHED
 		} else {
 			// XML reply

mod/dfrn_request.php

@@ -62,7 +62,7 @@ function dfrn_request_post(App $a)
 	}
 
 	if (x($_POST, 'cancel')) {
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 	}
 
 	/*
@@ -173,9 +173,9 @@ function dfrn_request_post(App $a)
 						Contact::updateAvatar($photo, local_user(), $r[0]["id"], true);
 					}
 
-					$forwardurl = System::baseUrl() . "/contact/" . $r[0]['id'];
+					$forward_path = "contact/" . $r[0]['id'];
 				} else {
-					$forwardurl = System::baseUrl() . "/contact";
+					$forward_path = "contact";
 				}
 
 				// Allow the blocked remote notification to complete
@@ -188,14 +188,14 @@ function dfrn_request_post(App $a)
 				}
 
 				// (ignore reply, nothing we can do it failed)
-				goaway($forwardurl);
+				$a->internalRedirect($forward_path);
 				return; // NOTREACHED
 			}
 		}
 
 		// invalid/bogus request
 		notice(L10n::t('Unrecoverable protocol error.') . EOL);
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 		return; // NOTREACHED
 	}
 
@@ -331,19 +331,19 @@ function dfrn_request_post(App $a)
 				$url = Network::isUrlValid($url);
 				if (!$url) {
 					notice(L10n::t('Invalid profile URL.') . EOL);
-					goaway(System::baseUrl() . '/' . $a->cmd);
+					$a->internalRedirect($a->cmd);
 					return; // NOTREACHED
 				}
 
 				if (!Network::isUrlAllowed($url)) {
 					notice(L10n::t('Disallowed profile URL.') . EOL);
-					goaway(System::baseUrl() . '/' . $a->cmd);
+					$a->internalRedirect($a->cmd);
 					return; // NOTREACHED
 				}
 
 				if (Network::isUrlBlocked($url)) {
 					notice(L10n::t('Blocked domain') . EOL);
-					goaway(System::baseUrl() . '/' . $a->cmd);
+					$a->internalRedirect($a->cmd);
 					return; // NOTREACHED
 				}
 
@@ -351,7 +351,7 @@ function dfrn_request_post(App $a)
 
 				if (!count($parms)) {
 					notice(L10n::t('Profile location is not valid or does not contain profile information.') . EOL);
-					goaway(System::baseUrl() . '/' . $a->cmd);
+					$a->internalRedirect($a->cmd);
 				} else {
 					if (!x($parms, 'fn')) {
 						notice(L10n::t('Warning: profile location has no identifiable owner name.') . EOL);
@@ -433,10 +433,10 @@ function dfrn_request_post(App $a)
 			}
 
 			// "Homecoming" - send the requestor back to their site to record the introduction.
-			$dfrn_url = bin2hex(System::baseUrl() . '/profile/' . $nickname);
+			$dfrn_url = bin2hex($a->getBaseURL() . '/profile/' . $nickname);
 			$aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
 
-			goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url"
+			System::externalRedirect($parms['dfrn-request'] . "?dfrn_url=$dfrn_url"
 				. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
 				. '&confirm_key=' . $hash
 				. (($aes_allow) ? "&aes_allow=1" : "")
@@ -459,11 +459,11 @@ function dfrn_request_post(App $a)
 
 				$uri = urlencode($uri);
 			} else {
-				$uri = System::baseUrl() . '/profile/' . $nickname;
+				$uri = 'profile/' . $nickname;
 			}
 
 			$url = str_replace('{uri}', $uri, $url);
-			goaway($url);
+			System::externalRedirect($url);
 			// NOTREACHED
 			// END $network != Protocol::PHANTOM
 		} else {

mod/display.php

@@ -79,7 +79,7 @@ function display_init(App $a)
 	}
 
 	if (ActivityPub::isRequest()) {
-		goaway(str_replace('display/', 'objects/', $a->query_string));
+		$a->internalRedirect(str_replace('display/', 'objects/', $a->query_string));
 	}
 
 	if ($item["id"] != $item["parent"]) {

mod/events.php

@@ -100,7 +100,7 @@ function events_post(App $a)
 	$type     = 'event';
 
 	$action = ($event_id == '') ? 'new' : "event/" . $event_id;
-	$onerror_url = System::baseUrl() . "/events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish";
+	$onerror_path = "events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish";
 
 	if (strcmp($finish, $start) < 0 && !$nofinish) {
 		notice(L10n::t('Event can not end before it has started.') . EOL);
@@ -108,7 +108,7 @@ function events_post(App $a)
 			echo L10n::t('Event can not end before it has started.');
 			killme();
 		}
-		goaway($onerror_url);
+		$a->internalRedirect($onerror_path);
 	}
 
 	if (!$summary || ($start === NULL_DATE)) {
@@ -117,7 +117,7 @@ function events_post(App $a)
 			echo L10n::t('Event title and start time are required.');
 			killme();
 		}
-		goaway($onerror_url);
+		$a->internalRedirect($onerror_path);
 	}
 
 	$share = intval(defaults($_POST, 'share', 0));
@@ -187,7 +187,7 @@ function events_post(App $a)
 		Worker::add(PRIORITY_HIGH, "Notifier", "event", $item_id);
 	}
 
-	goaway('/events');
+	$a->internalRedirect('events');
 }
 
 function events_content(App $a)
@@ -198,7 +198,7 @@ function events_content(App $a)
 	}
 
 	if ($a->argc == 1) {
-		$_SESSION['return_url'] = System::baseUrl() . '/' . $a->cmd;
+		$_SESSION['return_path'] = $a->cmd;
 	}
 
 	if (($a->argc > 2) && ($a->argv[1] === 'ignore') && intval($a->argv[2])) {
@@ -577,6 +577,6 @@ function events_content(App $a)
 			info(L10n::t('Event removed') . EOL);
 		}
 
-		goaway(System::baseUrl() . '/events');
+		$a->internalRedirect('events');
 	}
 }

mod/filerm.php

@@ -25,7 +25,7 @@ function filerm_content(App $a) {
 		file_tag_unsave_file(local_user(),$item_id,$term, $category);
 	}
 
-	//goaway('/network');
+	//$a->internalRedirect('network');
 
 	killme();
 }

mod/follow.php

@@ -20,12 +20,12 @@ function follow_post(App $a)
 	}
 
 	if (isset($_REQUEST['cancel'])) {
-		goaway('contacts');
+		$a->internalRedirect('contacts');
 	}
 
 	$uid = local_user();
 	$url = notags(trim($_REQUEST['url']));
-	$return_url = 'contacts';
+	$return_path = 'contacts';
 
 	// Makes the connection request for friendica contacts easier
 	// This is just a precaution if maybe this page is called somewhere directly via POST
@@ -37,24 +37,24 @@ function follow_post(App $a)
 		if ($result['message']) {
 			notice($result['message']);
 		}
-		goaway($return_url);
+		$a->internalRedirect($return_path);
 	} elseif ($result['cid']) {
-		goaway('contact/' . $result['cid']);
+		$a->internalRedirect('contact/' . $result['cid']);
 	}
 
 	info(L10n::t('The contact could not be added.'));
 
-	goaway($return_url);
+	$a->internalRedirect($return_path);
 	// NOTREACHED
 }
 
 function follow_content(App $a)
 {
-	$return_url = 'contacts';
+	$return_path = 'contacts';
 
 	if (!local_user()) {
 		notice(L10n::t('Permission denied.'));
-		goaway($return_url);
+		$a->internalRedirect($return_path);
 		// NOTREACHED
 	}
 
@@ -74,7 +74,7 @@ function follow_content(App $a)
 		if ($r[0]['pending']) {
 			notice(L10n::t('You already added this contact.'));
 			$submit = '';
-			//goaway($_SESSION['return_url']);
+			//$a->internalRedirect($_SESSION['return_path']);
 			// NOTREACHED
 		}
 	}
@@ -84,21 +84,21 @@ function follow_content(App $a)
 	if (($ret['network'] == Protocol::DIASPORA) && !Config::get('system', 'diaspora_enabled')) {
 		notice(L10n::t("Diaspora support isn't enabled. Contact can't be added."));
 		$submit = '';
-		//goaway($_SESSION['return_url']);
+		//$a->internalRedirect($_SESSION['return_path']);
 		// NOTREACHED
 	}
 
 	if (($ret['network'] == Protocol::OSTATUS) && Config::get('system', 'ostatus_disabled')) {
 		notice(L10n::t("OStatus support is disabled. Contact can't be added."));
 		$submit = '';
-		//goaway($_SESSION['return_url']);
+		//$a->internalRedirect($_SESSION['return_path']);
 		// NOTREACHED
 	}
 
 	if ($ret['network'] == Protocol::PHANTOM) {
 		notice(L10n::t("The network type couldn't be detected. Contact can't be added."));
 		$submit = '';
-		//goaway($_SESSION['return_url']);
+		//$a->internalRedirect($_SESSION['return_path']);
 		// NOTREACHED
 	}
 
@@ -118,7 +118,7 @@ function follow_content(App $a)
 
 	if (!$r) {
 		notice(L10n::t('Permission denied.'));
-		goaway($return_url);
+		$a->internalRedirect($return_path);
 		// NOTREACHED
 	}
 

mod/group.php

@@ -38,12 +38,12 @@ function group_post(App $a) {
 			info(L10n::t('Group created.') . EOL);
 			$r = Model\Group::getIdByName(local_user(), $name);
 			if ($r) {
-				goaway(System::baseUrl() . '/group/' . $r);
+				$a->internalRedirect('group/' . $r);
 			}
 		} else {
 			notice(L10n::t('Could not create group.') . EOL);
 		}
-		goaway(System::baseUrl() . '/group');
+		$a->internalRedirect('group');
 		return; // NOTREACHED
 	}
 
@@ -56,7 +56,7 @@ function group_post(App $a) {
 		);
 		if (!DBA::isResult($r)) {
 			notice(L10n::t('Group not found.') . EOL);
-			goaway(System::baseUrl() . '/contact');
+			$a->internalRedirect('contact');
 			return; // NOTREACHED
 		}
 		$group = $r[0];
@@ -88,7 +88,7 @@ function group_content(App $a) {
 
 	// With no group number provided we jump to the unassigned contacts as a starting point
 	if ($a->argc == 1) {
-		goaway('group/none');
+		$a->internalRedirect('group/none');
 	}
 
 	// Switch to text mode interface if we have more than 'n' contacts or group members
@@ -159,7 +159,7 @@ function group_content(App $a) {
 				notice(L10n::t('Unable to remove group.') . EOL);
 			}
 		}
-		goaway(System::baseUrl() . '/group');
+		$a->internalRedirect('group');
 		// NOTREACHED
 	}
 
@@ -183,7 +183,7 @@ function group_content(App $a) {
 
 		if (!DBA::isResult($r)) {
 			notice(L10n::t('Group not found.') . EOL);
-			goaway(System::baseUrl() . '/contact');
+			$a->internalRedirect('contact');
 		}
 
 		$group = $r[0];

mod/home.php

@@ -16,11 +16,11 @@ function home_init(App $a) {
 	Addon::callHooks('home_init',$ret);
 
 	if (local_user() && ($a->user['nickname'])) {
-		goaway(System::baseUrl()."/network");
+		$a->internalRedirect('network');
 	}
 
 	if (strlen(Config::get('system','singleuser'))) {
-		goaway(System::baseUrl()."/profile/" . Config::get('system','singleuser'));
+		$a->internalRedirect('profile/' . Config::get('system','singleuser'));
 	}
 
 }}

mod/ignored.php

@@ -43,7 +43,7 @@ function ignored_init(App $a)
 			$rand = "?$rand";
 		}
 
-		goaway(System::baseUrl() . "/" . $return_path . $rand);
+		$a->internalRedirect($return_path . $rand);
 	}
 
 	// the json doesn't really matter, it will either be 0 or 1

mod/item.php

@@ -115,7 +115,7 @@ function item_post(App $a) {
 		if (!DBA::isResult($parent_item)) {
 			notice(L10n::t('Unable to locate original post.') . EOL);
 			if (!empty($_REQUEST['return'])) {
-				goaway($return_path);
+				$a->internalRedirect($return_path);
 			}
 			killme();
 		}
@@ -165,7 +165,7 @@ function item_post(App $a) {
 		notice(L10n::t('Permission denied.') . EOL) ;
 
 		if (!empty($_REQUEST['return'])) {
-			goaway($return_path);
+			$a->internalRedirect($return_path);
 		}
 
 		killme();
@@ -283,7 +283,7 @@ function item_post(App $a) {
 			}
 			info(L10n::t('Empty post discarded.') . EOL);
 			if (!empty($_REQUEST['return'])) {
-				goaway($return_path);
+				$a->internalRedirect($return_path);
 			}
 			killme();
 		}
@@ -678,7 +678,7 @@ function item_post(App $a) {
 	if (!empty($datarray['cancel'])) {
 		logger('mod_item: post cancelled by addon.');
 		if ($return_path) {
-			goaway($return_path);
+			$a->internalRedirect($return_path);
 		}
 
 		$json = ['cancel' => 1];
@@ -714,7 +714,7 @@ function item_post(App $a) {
 
 		if (!empty($_REQUEST['return']) && strlen($return_path)) {
 			logger('return: ' . $return_path);
-			goaway($return_path);
+			$a->internalRedirect($return_path);
 		}
 		killme();
 	} else {
@@ -729,14 +729,14 @@ function item_post(App $a) {
 
 	if (!$post_id) {
 		logger("Item wasn't stored.");
-		goaway($return_path);
+		$a->internalRedirect($return_path);
 	}
 
 	$datarray = Item::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]);
 
 	if (!DBA::isResult($datarray)) {
 		logger("Item with id ".$post_id." couldn't be fetched.");
-		goaway($return_path);
+		$a->internalRedirect($return_path);
 	}
 
 	// update filetags in pconfig
@@ -844,13 +844,14 @@ function item_post(App $a) {
 function item_post_return($baseurl, $api_source, $return_path)
 {
 	// figure out how to return, depending on from whence we came
+    $a = get_app();
 
 	if ($api_source) {
 		return;
 	}
 
 	if ($return_path) {
-		goaway($return_path);
+		$a->internalRedirect($return_path);
 	}
 
 	$json = ['success' => 1];

mod/like.php

@@ -28,7 +28,7 @@ function like_content(App $a) {
 	// See if we've been passed a return path to redirect to
 	$return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
 
-	like_content_return(System::baseUrl(), $return_path);
+	like_content_return($a, $return_path);
 	killme(); // NOTREACHED
 }
 
@@ -36,7 +36,7 @@ function like_content(App $a) {
 // Decide how to return. If we were called with a 'return' argument,
 // then redirect back to the calling page. If not, just quietly end
 
-function like_content_return($baseurl, $return_path) {
+function like_content_return(App $a, $return_path) {
 	if ($return_path) {
 		$rand = '_=' . time();
 		if (strpos($return_path, '?')) {
@@ -45,7 +45,7 @@ function like_content_return($baseurl, $return_path) {
 			$rand = "?$rand";
 		}
 
-		goaway($baseurl . "/" . $return_path . $rand);
+		$a->internalRedirect($return_path . $rand);
 	}
 
 	killme();

mod/lostpass.php

@@ -19,14 +19,14 @@ function lostpass_post(App $a)
 {
 	$loginame = notags(trim($_POST['login-name']));
 	if (!$loginame) {
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 	}
 
 	$condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame];
 	$user = DBA::selectFirst('user', ['uid', 'username', 'email', 'language'], $condition);
 	if (!DBA::isResult($user)) {
 		notice(L10n::t('No valid account found.') . EOL);
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 	}
 
 	$pwdreset_token = autoname(12) . mt_rand(1000, 9999);
@@ -78,7 +78,7 @@ function lostpass_post(App $a)
 		'body'     => $body
 	]);
 
-	goaway(System::baseUrl());
+	$a->internalRedirect();
 }
 
 function lostpass_content(App $a)

mod/manage.php

@@ -99,7 +99,7 @@ function manage_post(App $a) {
 	unset($_SESSION['theme']);
 	unset($_SESSION['mobile-theme']);
 	unset($_SESSION['page_flags']);
-	unset($_SESSION['return_url']);
+	unset($_SESSION['return_path']);
 	if (x($_SESSION, 'submanage')) {
 		unset($_SESSION['submanage']);
 	}
@@ -119,7 +119,7 @@ function manage_post(App $a) {
 	$ret = [];
 	Addon::callHooks('home_init',$ret);
 
-	goaway( System::baseUrl() . "/profile/" . $a->user['nickname'] );
+	$a->internalRedirect('profile/' . $a->user['nickname'] );
 	// NOTREACHED
 }
 

mod/match.php

@@ -35,7 +35,7 @@ function match_content(App $a)
 	$a->page['aside'] .= Widget::findPeople();
 	$a->page['aside'] .= Widget::follow();
 
-	$_SESSION['return_url'] = System::baseUrl() . '/' . $a->cmd;
+	$_SESSION['return_path'] = $a->cmd;
 
 	$r = q(
 		"SELECT `pub_keywords`, `prv_keywords` FROM `profile` WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",

mod/message.php

@@ -87,7 +87,7 @@ function message_post(App $a)
 		$a->argc = 2;
 		$a->argv[1] = 'new';
 	} else {
-		goaway($a->cmd . '/' . $ret);
+		$a->internalRedirect($a->cmd . '/' . $ret);
 	}
 }
 
@@ -155,7 +155,7 @@ function message_content(App $a)
 
 		// Now check how the user responded to the confirmation query
 		if (!empty($_REQUEST['canceled'])) {
-			goaway('/message');
+			$a->internalRedirect('message');
 		}
 
 		$cmd = $a->argv[1];
@@ -163,7 +163,7 @@ function message_content(App $a)
 			$message = DBA::selectFirst('mail', ['convid'], ['id' => $a->argv[2], 'uid' => local_user()]);
 			if(!DBA::isResult($message)){
 				info(L10n::t('Conversation not found.') . EOL);
-				goaway('/message');
+				$a->internalRedirect('message');
 			}
 
 			if (DBA::delete('mail', ['id' => $a->argv[2], 'uid' => local_user()])) {
@@ -173,10 +173,10 @@ function message_content(App $a)
 			$conversation = DBA::selectFirst('mail', ['id'], ['convid' => $message['convid'], 'uid' => local_user()]);
 			if(!DBA::isResult($conversation)){
 				info(L10n::t('Conversation removed.') . EOL);
-				goaway('/message');
+				$a->internalRedirect('message');
 			}
 
-			goaway('/message/' . $conversation['id'] );
+			$a->internalRedirect('message/' . $conversation['id'] );
 		} else {
 			$r = q("SELECT `parent-uri`,`convid` FROM `mail` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 				intval($a->argv[2]),
@@ -190,7 +190,7 @@ function message_content(App $a)
 					info(L10n::t('Conversation removed.') . EOL);
 				}
 			}
-			goaway('/message' );
+			$a->internalRedirect('message');
 		}
 	}
 
@@ -265,7 +265,7 @@ function message_content(App $a)
 	}
 
 
-	$_SESSION['return_url'] = $a->query_string;
+	$_SESSION['return_path'] = $a->query_string;
 
 	if ($a->argc == 1) {
 

mod/network.php

@@ -38,7 +38,7 @@ function network_init(App $a)
 	$search = (x($_GET, 'search') ? escape_tags($_GET['search']) : '');
 
 	if (($search != '') && !empty($_GET['submit'])) {
-		goaway('search?search=' . urlencode($search));
+		$a->internalRedirect('search?search=' . urlencode($search));
 	}
 
 	if (x($_GET, 'save')) {
@@ -140,7 +140,7 @@ function network_init(App $a)
 
 			$redir_url = ($net_queries ? $net_baseurl . '?' . $net_queries : $net_baseurl);
 
-			goaway(System::baseUrl() . $redir_url);
+			$a->internalRedirect($redir_url);
 		}
 	}
 
@@ -618,7 +618,7 @@ function networkThreadedView(App $a, $update, $parent)
 				killme();
 			}
 			notice(L10n::t('No such group') . EOL);
-			goaway('network/0');
+			$a->internalRedirect('network/0');
 			// NOTREACHED
 		}
 
@@ -672,7 +672,7 @@ function networkThreadedView(App $a, $update, $parent)
 			}
 		} else {
 			notice(L10n::t('Invalid contact.') . EOL);
-			goaway('network');
+			$a->internalRedirect('network');
 			// NOTREACHED
 		}
 	}

mod/nogroup.php

@@ -24,5 +24,5 @@ function nogroup_content(App $a)
 		return '';
 	}
 
-	goaway(System::baseUrl() . '/group/none');
+	$a->internalRedirect('group/none');
 }

mod/notice.php

@@ -15,8 +15,7 @@ function notice_init(App $a)
 	$r = q("SELECT `user`.`nickname` FROM `user` LEFT JOIN `item` ON `item`.`uid` = `user`.`uid` WHERE `item`.`id` = %d", intval($id));
 	if (DBA::isResult($r)) {
 		$nick = $r[0]['nickname'];
-		$url = System::baseUrl() . "/display/$nick/$id";
+		$a->internalRedirect('display/' . $nick . '/' . $id);
-		goaway($url);
 	} else {
 		$a->error = 404;
 		notice(L10n::t('Item not found.') . EOL);

mod/notifications.php

@@ -17,7 +17,7 @@ use Friendica\Module\Login;
 function notifications_post(App $a)
 {
 	if (!local_user()) {
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 	}
 
 	$request_id = (($a->argc > 1) ? $a->argv[1] : 0);
@@ -52,12 +52,12 @@ function notifications_post(App $a)
 					'self' => false, 'blocked' => true, 'pending' => true];
 				DBA::delete('contact', $condition);
 			}
-			goaway('notifications/intros');
+			$a->internalRedirect('notifications/intros');
 		}
 
 		if ($_POST['submit'] == L10n::t('Ignore')) {
 			DBA::update('intro', ['ignore' => true], ['id' => $intro_id]);
-			goaway('notifications/intros');
+			$a->internalRedirect('notifications/intros');
 		}
 	}
 }

mod/notify.php

@@ -37,10 +37,10 @@ function notify_init(App $a)
 				}
 			}
 
-			goaway($note['link']);
+			System::externalRedirect($note['link']);
 		}
 
-		goaway(System::baseUrl(true));
+		$a->internalRedirect();
 	}
 
 	if ($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all') {

mod/openid.php

@@ -14,7 +14,7 @@ function openid_content(App $a) {
 
 	$noid = Config::get('system','no_openid');
 	if($noid)
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 
 	logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
 
@@ -28,7 +28,7 @@ function openid_content(App $a) {
 
 			if(! strlen($authid)) {
 				logger(L10n::t('OpenID protocol error. No ID returned.') . EOL);
-				goaway(System::baseUrl());
+				$a->internalRedirect();
 			}
 
 			// NOTE: we search both for normalised and non-normalised form of $authid
@@ -56,7 +56,7 @@ function openid_content(App $a) {
 				// just in case there was no return url set
 				// and we fell through
 
-				goaway(System::baseUrl());
+				$a->internalRedirect();
 			}
 
 			// Successful OpenID login - but we can't match it to an existing account.
@@ -64,7 +64,7 @@ function openid_content(App $a) {
 
 			if (intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED) {
 				notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL);
-				goaway(System::baseUrl());
+				$a->internalRedirect();
 			}
 
 			unset($_SESSION['register']);
@@ -108,12 +108,12 @@ function openid_content(App $a) {
 
 			$args .= '&openid_url=' . urlencode(notags(trim($authid)));
 
-			goaway(System::baseUrl() . '/register?' . $args);
+			$a->internalRedirect('register?' . $args);
 
 			// NOTREACHED
 		}
 	}
 	notice(L10n::t('Login failed.') . EOL);
-	goaway(System::baseUrl());
+	$a->internalRedirect();
 	// NOTREACHED
 }

mod/ostatus_subscribe.php

@@ -15,7 +15,7 @@ function ostatus_subscribe_content(App $a) {
 
 	if (! local_user()) {
 		notice(L10n::t('Permission denied.') . EOL);
-		goaway('/ostatus_subscribe');
+		$a->internalRedirect('ostatus_subscribe');
 		// NOTREACHED
 	}
 

mod/photos.php

@@ -196,7 +196,7 @@ function photos_post(App $a)
 		$album = hex2bin($a->argv[3]);
 
 		if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
-			goaway($_SESSION['photo_return']);
+			$a->internalRedirect($_SESSION['photo_return']);
 			return; // NOTREACHED
 		}
 
@@ -207,13 +207,13 @@ function photos_post(App $a)
 
 		if (!DBA::isResult($r)) {
 			notice(L10n::t('Album not found.') . EOL);
-			goaway($_SESSION['photo_return']);
+			$a->internalRedirect($_SESSION['photo_return']);
 			return; // NOTREACHED
 		}
 
 		// Check if the user has responded to a delete confirmation query
 		if (!empty($_REQUEST['canceled'])) {
-			goaway($_SESSION['photo_return']);
+			$a->internalRedirect($_SESSION['photo_return']);
 		}
 
 		// RENAME photo album
@@ -227,8 +227,7 @@ function photos_post(App $a)
 			// Update the photo albums cache
 			Photo::clearAlbumCache($page_owner_uid);
 
-			$newurl = System::baseUrl() . '/photos/' . $a->user['nickname'] . '/album/' . bin2hex($newalbum);
+			$a->internalRedirect('photos/' . $a->user['nickname'] . '/album/' . bin2hex($newalbum));
-			goaway($newurl);
 			return; // NOTREACHED
 		}
 
@@ -281,7 +280,7 @@ function photos_post(App $a)
 					$res[] = "'" . DBA::escape($rr['rid']) . "'" ;
 				}
 			} else {
-				goaway($_SESSION['photo_return']);
+				$a->internalRedirect($_SESSION['photo_return']);
 				return; // NOTREACHED
 			}
 
@@ -299,14 +298,14 @@ function photos_post(App $a)
 			Photo::clearAlbumCache($page_owner_uid);
 		}
 
-		goaway('photos/' . $a->data['user']['nickname']);
+		$a->internalRedirect('photos/' . $a->data['user']['nickname']);
 		return; // NOTREACHED
 	}
 
 
 	// Check if the user has responded to a delete confirmation query for a single photo
 	if ($a->argc > 2 && !empty($_REQUEST['canceled'])) {
-		goaway($_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 	}
 
 	if ($a->argc > 2 && defaults($_POST, 'delete', '') === L10n::t('Delete Photo')) {
@@ -356,7 +355,7 @@ function photos_post(App $a)
 			Photo::clearAlbumCache($page_owner_uid);
 		}
 
-		goaway('photos/' . $a->data['user']['nickname']);
+		$a->internalRedirect('photos/' . $a->data['user']['nickname']);
 		return; // NOTREACHED
 	}
 
@@ -697,7 +696,7 @@ function photos_post(App $a)
 				}
 			}
 		}
-		goaway($_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 		return; // NOTREACHED
 	}
 
@@ -928,7 +927,7 @@ function photos_post(App $a)
 	// addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook
 	// if they do not wish to be redirected
 
-	goaway($_SESSION['photo_return']);
+	$a->internalRedirect($_SESSION['photo_return']);
 	// NOTREACHED
 }
 
@@ -1470,7 +1469,7 @@ function photos_content(App $a)
 		if (count($linked_items)) {
 			$cmnt_tpl = get_markup_template('comment_item.tpl');
 			$tpl = get_markup_template('photo_item.tpl');
-			$return_url = $a->cmd;
+			$return_path = $a->cmd;
 
 			if ($can_post || Security::canWriteToUserWall($owner_uid)) {
 				$like_tpl = get_markup_template('like_noshare.tpl');
@@ -1487,7 +1486,7 @@ function photos_content(App $a)
 				if (($can_post || Security::canWriteToUserWall($owner_uid))) {
 					$comments .= replace_macros($cmnt_tpl, [
 						'$return_path' => '',
-						'$jsreload' => $return_url,
+						'$jsreload' => $return_path,
 						'$id' => $link_item['id'],
 						'$parent' => $link_item['id'],
 						'$profile_uid' =>  $owner_uid,
@@ -1526,7 +1525,7 @@ function photos_content(App $a)
 				if (($can_post || Security::canWriteToUserWall($owner_uid))) {
 					$comments .= replace_macros($cmnt_tpl,[
 						'$return_path' => '',
-						'$jsreload' => $return_url,
+						'$jsreload' => $return_path,
 						'$id' => $link_item['id'],
 						'$parent' => $link_item['id'],
 						'$profile_uid' =>  $owner_uid,
@@ -1586,7 +1585,7 @@ function photos_content(App $a)
 					if (($can_post || Security::canWriteToUserWall($owner_uid))) {
 						$comments .= replace_macros($cmnt_tpl, [
 							'$return_path' => '',
-							'$jsreload' => $return_url,
+							'$jsreload' => $return_path,
 							'$id' => $item['item_id'],
 							'$parent' => $item['parent'],
 							'$profile_uid' =>  $owner_uid,

mod/profile.php

@@ -34,7 +34,7 @@ function profile_init(App $a)
 	} else {
 		$r = q("SELECT `nickname` FROM `user` WHERE `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 ORDER BY RAND() LIMIT 1");
 		if (DBA::isResult($r)) {
-			goaway(System::baseUrl() . '/profile/' . $r[0]['nickname']);
+			$a->internalRedirect('profile/' . $r[0]['nickname']);
 		} else {
 			logger('profile error: mod_profile ' . $a->query_string, LOGGER_DEBUG);
 			notice(L10n::t('Requested profile is not available.') . EOL);

mod/profile_photo.php

@@ -74,7 +74,7 @@ function profile_photo_post(App $a)
 		$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", DBA::escape($image_id),
 			DBA::escape(local_user()), intval($scale));
 
-		$url = System::baseUrl() . '/profile/' . $a->user['nickname'];
+		$path = 'profile/' . $a->user['nickname'];
 		if (DBA::isResult($r)) {
 			$base_image = $r[0];
 
@@ -125,8 +125,8 @@ function profile_photo_post(App $a)
 
 				info(L10n::t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);
 				// Update global directory in background
-				if ($url && strlen(Config::get('system', 'directory'))) {
+				if ($path && strlen(Config::get('system', 'directory'))) {
-					Worker::add(PRIORITY_LOW, "Directory", $url);
+					Worker::add(PRIORITY_LOW, "Directory", $a->getBaseURL() . '/' . $path);
 				}
 
 				Worker::add(PRIORITY_LOW, 'ProfileUpdate', local_user());
@@ -135,7 +135,7 @@ function profile_photo_post(App $a)
 			}
 		}
 
-		goaway($url);
+		$a->internalRedirect($path);
 		return; // NOTREACHED
 	}
 
@@ -168,7 +168,7 @@ function profile_photo_post(App $a)
 	@unlink($src);
 
 	$imagecrop = profile_photo_crop_ui_head($a, $ph);
-	goaway(System::baseUrl() . '/profile_photo/use/' . $imagecrop['hash']);
+	$a->internalRedirect('profile_photo/use/' . $imagecrop['hash']);
 }
 
 function profile_photo_content(App $a)
@@ -225,7 +225,7 @@ function profile_photo_content(App $a)
 				Worker::add(PRIORITY_LOW, "Directory", $url);
 			}
 
-			goaway(System::baseUrl() . '/profile/' . $a->user['nickname']);
+			$a->internalRedirect('profile/' . $a->user['nickname']);
 			return; // NOTREACHED
 		}
 		$ph = new Image($r[0]['data'], $r[0]['type']);

mod/profiles.php

@@ -38,7 +38,7 @@ function profiles_init(App $a) {
 		);
 		if (! DBA::isResult($r)) {
 			notice(L10n::t('Profile not found.') . EOL);
-			goaway('profiles');
+			$a->internalRedirect('profiles');
 			return; // NOTREACHED
 		}
 
@@ -59,7 +59,7 @@ function profiles_init(App $a) {
 			info(L10n::t('Profile deleted.').EOL);
 		}
 
-		goaway('profiles');
+		$a->internalRedirect('profiles');
 		return; // NOTREACHED
 	}
 
@@ -93,10 +93,10 @@ function profiles_init(App $a) {
 
 		info(L10n::t('New profile created.') . EOL);
 		if (DBA::isResult($r3) && count($r3) == 1) {
-			goaway('profiles/' . $r3[0]['id']);
+			$a->internalRedirect('profiles/' . $r3[0]['id']);
 		}
 
-		goaway('profiles');
+		$a->internalRedirect('profiles');
 	}
 
 	if (($a->argc > 2) && ($a->argv[1] === 'clone')) {
@@ -132,10 +132,10 @@ function profiles_init(App $a) {
 		);
 		info(L10n::t('New profile created.') . EOL);
 		if ((DBA::isResult($r3)) && (count($r3) == 1)) {
-			goaway('profiles/'.$r3[0]['id']);
+			$a->internalRedirect('profiles/'.$r3[0]['id']);
 		}
 
-		goaway('profiles');
+		$a->internalRedirect('profiles');
 
 		return; // NOTREACHED
 	}
@@ -654,7 +654,7 @@ function profiles_content(App $a) {
 			);
 			if (DBA::isResult($r)) {
 				//Go to the default profile.
-				goaway('profiles/' . $r[0]['id']);
+				$a->internalRedirect('profiles/' . $r[0]['id']);
 			}
 		}
 

mod/randprof.php

@@ -13,8 +13,14 @@ function randprof_init(App $a)
 	$x = GContact::getRandomUrl();
 
 	if ($x) {
-		goaway(Contact::magicLink($x));
+		$link = Contact::magicLink($x);
+		// @TODO making the return of magicLink save to use either externalRedirect or internalRedirect
+		if (filter_var($link, FILTER_VALIDATE_URL)) {
+			System::externalRedirect($link);
+		} else {
+			$a->internalRedirect($link);
+		}
 	}
 
-	goaway(System::baseUrl() . '/profile');
+	$a->internalRedirect('profile');
 }

mod/redir.php

@@ -27,7 +27,7 @@ function redir_init(App $a) {
 		$contact = DBA::selectFirst('contact', $fields, ['id' => $cid, 'uid' => [0, local_user()]]);
 		if (!DBA::isResult($contact)) {
 			notice(L10n::t('Contact not found.'));
-			goaway(System::baseUrl());
+			$a->internalRedirect();
 		}
 
 		$contact_url = $contact['url'];
@@ -36,7 +36,7 @@ function redir_init(App $a) {
 			|| (!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate.
 			|| (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated.
 		{
-			goaway($url != '' ? $url : $contact_url);
+			System::externalRedirect(defaults($url, $contact_url));
 		}
 
 		if ($contact['uid'] == 0 && local_user()) {
@@ -50,14 +50,14 @@ function redir_init(App $a) {
 
 			if (!empty($a->contact['id']) && $a->contact['id'] == $cid) {
 				// Local user is already authenticated.
-				$target_url = $url != '' ? $url : $contact_url;
+				$target_url = defaults($url, $contact_url);
 				logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG);
-				goaway($target_url);
+				System::externalRedirect($target_url);
 			}
 		}
 
 		if (remote_user()) {
-			$host = substr(System::baseUrl() . ($a->getURLPath() ? '/' . $a->getURLPath() : ''), strpos(System::baseUrl(), '://') + 3);
+			$host = substr($a->getBaseURL() . ($a->getURLPath() ? '/' . $a->getURLPath() : ''), strpos($a->getBaseURL(), '://') + 3);
 			$remotehost = substr($contact['addr'], strpos($contact['addr'], '@') + 1);
 
 			// On a local instance we have to check if the local user has already authenticated
@@ -71,9 +71,9 @@ function redir_init(App $a) {
 				foreach ($_SESSION['remote'] as $v) {
 					if ($v['uid'] == $_SESSION['visitor_visiting'] && $v['cid'] == $_SESSION['visitor_id']) {
 						// Remote user is already authenticated.
-						$target_url = $url != '' ? $url : $contact_url;
+						$target_url = defaults($url, $contact_url);
 						logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG);
-						goaway($target_url);
+						System::externalRedirect($target_url);
 					}
 				}
 			}
@@ -102,11 +102,11 @@ function redir_init(App $a) {
 
 			$dest = (!empty($url) ? '&destination_url=' . $url : '');
 
-			goaway($contact['poll'] . '?dfrn_id=' . $dfrn_id
+			System::externalRedirect($contact['poll'] . '?dfrn_id=' . $dfrn_id
 				. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest . $quiet);
 		}
 
-		$url = $url != '' ? $url : $contact_url;
+		$url = defaults($url, $contact_url);
 	}
 
 	// If we don't have a connected contact, redirect with
@@ -121,9 +121,9 @@ function redir_init(App $a) {
 		}
 
 		logger('redirecting to ' . $url, LOGGER_DEBUG);
-		goaway($url);
+		System::externalRedirect($url);
 	}
 
 	notice(L10n::t('Contact not found.'));
-	goaway(System::baseUrl());
+	$a->internalRedirect();
 }

mod/register.php

@@ -100,7 +100,7 @@ function register_post(App $a)
 
 			if ($res) {
 				info(L10n::t('Registration successful. Please check your email for further instructions.') . EOL);
-				goaway();
+				$a->internalRedirect();
 			} else {
 				notice(
 					L10n::t('Failed to send email message. Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.',
@@ -111,12 +111,12 @@ function register_post(App $a)
 			}
 		} else {
 			info(L10n::t('Registration successful.') . EOL);
-			goaway();
+			$a->internalRedirect();
 		}
 	} elseif (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE) {
 		if (!strlen(Config::get('config', 'admin_email'))) {
 			notice(L10n::t('Your registration can not be processed.') . EOL);
-			goaway();
+			$a->internalRedirect();
 		}
 
 		Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);
@@ -159,7 +159,7 @@ function register_post(App $a)
 		);
 
 		info(L10n::t('Your registration is pending approval by the site owner.') . EOL);
-		goaway();
+		$a->internalRedirect();
 	}
 
 	return;

mod/regmod.php

@@ -101,11 +101,11 @@ function regmod_content(App $a)
 
 	if ($cmd === 'deny') {
 		user_deny($hash);
-		goaway('admin/users/');
+		$a->internalRedirect('admin/users/');
 	}
 
 	if ($cmd === 'allow') {
 		user_allow($hash);
-		goaway('admin/users/');
+		$a->internalRedirect('admin/users/');
 	}
 }

mod/removeme.php

@@ -64,7 +64,7 @@ function removeme_post(App $a)
 function removeme_content(App $a)
 {
 	if (!local_user()) {
-		goaway(System::baseUrl());
+		$a->internalRedirect();
 	}
 
 	$hash = random_string();
@@ -76,7 +76,7 @@ function removeme_content(App $a)
 
 	$tpl = get_markup_template('removeme.tpl');
 	$o = replace_macros($tpl, [
-		'$basedir' => System::baseUrl(),
+		'$basedir' => $a->getBaseURL(),
 		'$hash' => $hash,
 		'$title' => L10n::t('Remove My Account'),
 		'$desc' => L10n::t('This will completely remove your account. Once this has been done it is not recoverable.'),

mod/repair_ostatus.php

@@ -14,7 +14,7 @@ function repair_ostatus_content(App $a) {
 
 	if (! local_user()) {
 		notice(L10n::t('Permission denied.') . EOL);
-		goaway('/ostatus_repair');
+		$a->internalRedirect('ostatus_repair');
 		// NOTREACHED
 	}
 

mod/settings.php

@@ -160,7 +160,7 @@ function settings_post(App $a)
 
 		$key = $_POST['remove'];
 		DBA::delete('tokens', ['id' => $key, 'uid' => local_user()]);
-		goaway(System::baseUrl(true)."/settings/oauth/");
+		$a->internalRedirect('settings/oauth/', true);
 		return;
 	}
 
@@ -206,7 +206,7 @@ function settings_post(App $a)
 				);
 			}
 		}
-		goaway(System::baseUrl(true)."/settings/oauth/");
+		$a->internalRedirect('settings/oauth/', true);
 		return;
 	}
 
@@ -371,7 +371,7 @@ function settings_post(App $a)
 		);
 
 		Addon::callHooks('display_settings_post', $_POST);
-		goaway('settings/display');
+		$a->internalRedirect('settings/display');
 		return; // NOTREACHED
 	}
 
@@ -380,7 +380,7 @@ function settings_post(App $a)
 	if (x($_POST,'resend_relocate')) {
 		Worker::add(PRIORITY_HIGH, 'Notifier', 'relocate', local_user());
 		info(L10n::t("Relocate message has been send to your contacts"));
-		goaway('settings');
+		$a->internalRedirect('settings');
 	}
 
 	Addon::callHooks('settings_post', $_POST);
@@ -649,7 +649,7 @@ function settings_post(App $a)
 	// Update the global contact for the user
 	GContact::updateForUser(local_user());
 
-	goaway('settings');
+	$a->internalRedirect('settings');
 	return; // NOTREACHED
 }
 
@@ -716,7 +716,7 @@ function settings_content(App $a)
 			BaseModule::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth', 't');
 
 			DBA::delete('clients', ['client_id' => $a->argv[3], 'uid' => local_user()]);
-			goaway(System::baseUrl(true)."/settings/oauth/");
+			$a->internalRedirect('settings/oauth/', true);
 			return;
 		}
 
@@ -732,7 +732,7 @@ function settings_content(App $a)
 		$tpl = get_markup_template('settings/oauth.tpl');
 		$o .= replace_macros($tpl, [
 			'$form_security_token' => BaseModule::getFormSecurityToken("settings_oauth"),
-			'$baseurl'	=> System::baseUrl(true),
+			'$baseurl'	=> $a->getBaseURL(true),
 			'$title'	=> L10n::t('Connected Apps'),
 			'$add'		=> L10n::t('Add application'),
 			'$edit'		=> L10n::t('Edit'),
@@ -795,7 +795,7 @@ function settings_content(App $a)
 		$legacy_contact            = PConfig::get(local_user(), 'ostatus', 'legacy_contact');
 
 		if (x($legacy_contact)) {
-			/// @todo Isn't it supposed to be a goaway() call?
+			/// @todo Isn't it supposed to be a $a->internalRedirect() call?
 			$a->page['htmlhead'] = '<meta http-equiv="refresh" content="0; URL=' . System::baseUrl().'/ostatus_subscribe?url=' . urlencode($legacy_contact) . '">';
 		}
 

mod/starred.php

@@ -42,7 +42,7 @@ function starred_init(App $a) {
 			$rand = "?$rand";
 		}
 
-		goaway(System::baseUrl() . "/" . $return_path . $rand);
+		$a->internalRedirect($return_path . $rand);
 	}
 
 	// the json doesn't really matter, it will either be 0 or 1

mod/suggest.php

@@ -62,7 +62,7 @@ function suggest_content(App $a)
 		return;
 	}
 
-	$_SESSION['return_url'] = System::baseUrl() . '/' . $a->cmd;
+	$_SESSION['return_path'] = $a->cmd;
 
 	$a->page['aside'] .= Widget::findPeople();
 	$a->page['aside'] .= Widget::follow();

mod/tagrm.php

@@ -13,11 +13,11 @@ use Friendica\Model\Item;
 function tagrm_post(App $a)
 {
 	if (!local_user()) {
-		goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 	}
 
 	if (x($_POST,'submit') && ($_POST['submit'] === L10n::t('Cancel'))) {
-		goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 	}
 
 	$tag =  (x($_POST,'tag')  ? hex2bin(notags(trim($_POST['tag']))) : '');
@@ -25,7 +25,7 @@ function tagrm_post(App $a)
 
 	$item = Item::selectFirst(['tag'], ['id' => $item_id, 'uid' => local_user()]);
 	if (!DBA::isResult($item)) {
-		goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 	}
 
 	$arr = explode(',', $item['tag']);
@@ -41,7 +41,7 @@ function tagrm_post(App $a)
 	Item::update(['tag' => $tag_str], ['id' => $item_id]);
 
 	info(L10n::t('Tag removed') . EOL );
-	goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+	$a->internalRedirect($_SESSION['photo_return']);
 
 	// NOTREACHED
 }
@@ -53,25 +53,25 @@ function tagrm_content(App $a)
 	$o = '';
 
 	if (!local_user()) {
-		goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 		// NOTREACHED
 	}
 
 	$item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
 	if (!$item_id) {
-		goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 		// NOTREACHED
 	}
 
 	$item = Item::selectFirst(['tag'], ['id' => $item_id, 'uid' => local_user()]);
 	if (!DBA::isResult($item)) {
-		goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 	}
 
 	$arr = explode(',', $item['tag']);
 
 	if (!count($arr)) {
-		goaway(System::baseUrl() . '/' . $_SESSION['photo_return']);
+		$a->internalRedirect($_SESSION['photo_return']);
 	}
 
 	$o .= '<h3>' . L10n::t('Remove Item Tag') . '</h3>';

mod/toggle_mobile.php

@@ -14,8 +14,8 @@ function toggle_mobile_init(App $a) {
 	if (isset($_GET['address'])) {
 		$address = $_GET['address'];
 	} else {
-		$address = System::baseUrl();
+		$address = '';
 	}
 
-	goaway($address);
+	$a->internalRedirect($address);
 }

mod/unfollow.php

@@ -12,13 +12,13 @@ use Friendica\Model\Contact;
 use Friendica\Model\Profile;
 use Friendica\Model\User;
 
-function unfollow_post()
+function unfollow_post(App $a)
 {
-	$return_url = 'contacts';
+	$return_path = 'contacts';
 
 	if (!local_user()) {
 		notice(L10n::t('Permission denied.'));
-		goaway('/login');
+		$a->internalRedirect('login');
 		// NOTREACHED
 	}
 
@@ -32,17 +32,17 @@ function unfollow_post()
 
 	if (!DBA::isResult($contact)) {
 		notice(L10n::t("You aren't following this contact."));
-		goaway($return_url);
+		$a->internalRedirect($return_path);
 		// NOTREACHED
 	}
 
 	if (!empty($_REQUEST['cancel'])) {
-		goaway($return_url . '/' . $contact['id']);
+		$a->internalRedirect($return_path . '/' . $contact['id']);
 	}
 
 	if (!in_array($contact['network'], Protocol::NATIVE_SUPPORT)) {
 		notice(L10n::t('Unfollowing is currently not supported by your network.'));
-		goaway($return_url . '/' . $contact['id']);
+		$a->internalRedirect($return_path . '/' . $contact['id']);
 		// NOTREACHED
 	}
 
@@ -63,17 +63,17 @@ function unfollow_post()
 	}
 
 	info(L10n::t('Contact unfollowed'));
-	goaway($return_path);
+	$a->internalRedirect($return_path);
 	// NOTREACHED
 }
 
 function unfollow_content(App $a)
 {
-	$return_url = 'contacts';
+	$return_path = 'contacts';
 
 	if (!local_user()) {
 		notice(L10n::t('Permission denied.'));
-		goaway('/login');
+		$a->internalRedirect('login');
 		// NOTREACHED
 	}
 
@@ -88,13 +88,13 @@ function unfollow_content(App $a)
 
 	if (!DBA::isResult($contact)) {
 		notice(L10n::t("You aren't following this contact."));
-		goaway($return_url);
+		$a->internalRedirect($return_path);
 		// NOTREACHED
 	}
 
 	if (!in_array($contact['network'], Protocol::NATIVE_SUPPORT)) {
 		notice(L10n::t('Unfollowing is currently not supported by your network.'));
-		goaway('contact/' . $contact['id']);
+		$a->internalRedirect('contact/' . $contact['id']);
 		// NOTREACHED
 	}
 
@@ -105,7 +105,7 @@ function unfollow_content(App $a)
 
 	if (!DBA::isResult($self)) {
 		notice(L10n::t('Permission denied.'));
-		goaway($return_url);
+		$a->internalRedirect($return_path);
 		// NOTREACHED
 	}
 

mod/videos.php

@@ -115,14 +115,14 @@ function videos_post(App $a)
 	$owner_uid = $a->data['user']['uid'];
 
 	if (local_user() != $owner_uid) {
-		goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']);
+		$a->internalRedirect('videos/' . $a->data['user']['nickname']);
 	}
 
 	if (($a->argc == 2) && !empty($_POST['delete']) && !empty($_POST['id'])) {
 		// Check if we should do HTML-based delete confirmation
 		if (empty($_REQUEST['confirm'])) {
 			if (!empty($_REQUEST['canceled'])) {
-				goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']);
+				$a->internalRedirect('videos/' . $a->data['user']['nickname']);
 			}
 
 			$drop_url = $a->query_string;
@@ -169,11 +169,11 @@ function videos_post(App $a)
 			}
 		}
 
-		goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']);
+		$a->internalRedirect('videos/' . $a->data['user']['nickname']);
 		return; // NOTREACHED
 	}
 
-	goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']);
+	$a->internalRedirect('videos/' . $a->data['user']['nickname']);
 }
 
 function videos_content(App $a)

mod/wallmessage.php

@@ -69,7 +69,7 @@ function wallmessage_post(App $a) {
 			info(L10n::t('Message sent.') . EOL);
 	}
 
-	goaway('profile/'.$user['nickname']);
+	$a->internalRedirect('profile/'.$user['nickname']);
 }
 
 

src/App.php

@@ -1747,35 +1747,35 @@ class App
 		if (strlen($this->module)) {
 			// Compatibility with the Android Diaspora client
 			if ($this->module == 'stream') {
-				goaway('network?f=&order=post');
+				$this->internalRedirect('network?f=&order=post');
 			}
 
 			if ($this->module == 'conversations') {
-				goaway('message');
+				$this->internalRedirect('message');
 			}
 
 			if ($this->module == 'commented') {
-				goaway('network?f=&order=comment');
+				$this->internalRedirect('network?f=&order=comment');
 			}
 
 			if ($this->module == 'liked') {
-				goaway('network?f=&order=comment');
+				$this->internalRedirect('network?f=&order=comment');
 			}
 
 			if ($this->module == 'activity') {
-				goaway('network/?f=&conv=1');
+				$this->internalRedirect('network/?f=&conv=1');
 			}
 
 			if (($this->module == 'status_messages') && ($this->cmd == 'status_messages/new')) {
-				goaway('bookmarklet');
+				$this->internalRedirect('bookmarklet');
 			}
 
 			if (($this->module == 'user') && ($this->cmd == 'user/edit')) {
-				goaway('settings');
+				$this->internalRedirect('settings');
 			}
 
 			if (($this->module == 'tag_followings') && ($this->cmd == 'tag_followings/manage')) {
-				goaway('search');
+				$this->internalRedirect('search');
 			}
 
 			// Compatibility with the Firefox App
@@ -1830,7 +1830,7 @@ class App
 
 				if (!empty($_SERVER['QUERY_STRING']) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
 					logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
-					goaway($this->getBaseURL() . $_SERVER['REQUEST_URI']);
+					$this->internalRedirect($_SERVER['REQUEST_URI']);
 				}
 
 				logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
@@ -1999,4 +1999,23 @@ class App
 		/// @TODO Looks unsafe (remote-inclusion), is maybe not but Core\Theme::getPathForFile() uses file_exists() but does not escape anything
 		require_once $template;
 	}
+
+	/**
+	 * Redirects to another module relative to the current Friendica base.
+	 * If you want to redirect to a external URL, use System::externalRedirectTo()
+	 *
+	 * @param string $toUrl The destination URL (Default is empty, which is the default page of the Friendica node)
+	 * @param bool $ssl if true, base URL will try to get called with https:// (works just for relative paths)
+	 *
+	 * @throws InternalServerErrorException In Case the given URL is not relative to the Friendica node
+	 */
+	public function internalRedirect($toUrl = '', $ssl = false)
+	{
+		if (filter_var($toUrl, FILTER_VALIDATE_URL)) {
+			throw new InternalServerErrorException('URL is not a relative path, please use System::externalRedirectTo');
+		}
+
+		$redirectTo = $this->getBaseURL($ssl) . '/' . ltrim($toUrl, '/');
+		System::externalRedirect($redirectTo);
+	}
 }

src/BaseModule.php

@@ -60,7 +60,8 @@ abstract class BaseModule extends BaseObject
 	 */
 	public static function post()
 	{
-		// goaway('module');
+		// $a = self::getApp();
+		// $a->internalRedirect('module');
 	}
 
 	/**
@@ -138,7 +139,7 @@ abstract class BaseModule extends BaseObject
 			logger('checkFormSecurityToken failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
 			logger('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
 			notice(self::getFormSecurityStandardErrorMessage());
-			goaway(System::baseUrl() . $err_redirect);
+			$a->internalRedirect($err_redirect);
 		}
 	}
 

src/Core/Authentication.php

@@ -82,7 +82,7 @@ class Authentication extends BaseObject
 
 		if ($interactive) {
 			if ($a->user['login_date'] <= NULL_DATE) {
-				$_SESSION['return_url'] = 'profile_photo/new';
+				$_SESSION['return_path'] = 'profile_photo/new';
 				$a->module = 'profile_photo';
 				info(L10n::t("Welcome ") . $a->user['username'] . EOL);
 				info(L10n::t('Please upload a profile photo.') . EOL);
@@ -193,8 +193,8 @@ class Authentication extends BaseObject
 		if ($login_initial) {
 			Addon::callHooks('logged_in', $a->user);
 
-			if (($a->module !== 'home') && isset($_SESSION['return_url'])) {
+			if (($a->module !== 'home') && isset($_SESSION['return_path'])) {
-				goaway($a->getbaseUrl() . '/' . $_SESSION['return_url']);
+				$a->internalRedirect($_SESSION['return_path']);
 			}
 		}
 	}

src/Core/System.php

@@ -5,6 +5,7 @@
 namespace Friendica\Core;
 
 use Friendica\BaseObject;
+use Friendica\Network\HTTPException\InternalServerErrorException;
 use Friendica\Util\XML;
 
 /**
@@ -236,10 +237,26 @@ class System extends BaseObject
 		return max($load_arr[0], $load_arr[1]);
 	}
 
+	/**
+	 * Redirects to an external URL (fully qualified URL)
+	 * If you want to route relative to the current Friendica base, use App->internalRedirect()
+	 *
+	 * @param string $url The new Location to redirect
+	 * @throws InternalServerErrorException If the URL is not fully qualified
+	 */
+	public static function externalRedirect($url)
+	{
+		if (!filter_var($url, FILTER_VALIDATE_URL)) {
+			throw new InternalServerErrorException('URL is not a fully qualified URL, please use App->internalRedirect() instead');
+		}
+
+		header("Location: $url");
+		exit();
+	}
+
 	/// @todo Move the following functions from boot.php
 	/*
 	function killme()
-	function goaway($s)
 	function local_user()
 	function public_contact()
 	function remote_user()

src/Core/UserImport.php

@@ -272,6 +272,6 @@ class UserImport
 		Worker::add(PRIORITY_HIGH, 'Notifier', 'relocate', $newuid);
 
 		info(L10n::t("Done. You can now login with your username and password"));
-		goaway(System::baseUrl() . "/login");
+		$a->internalRedirect('login');
 	}
 }

src/Model/Contact.php

@@ -1639,7 +1639,7 @@ class Contact extends BaseObject
 					$myaddr = bin2hex($a->user['nickname'] . '@' . $a->getHostName());
 				}
 
-				goaway($ret['request'] . "&addr=$myaddr");
+				$a->internalRedirect($ret['request'] . "&addr=$myaddr");
 
 				// NOTREACHED
 			}
@@ -2024,8 +2024,10 @@ class Contact extends BaseObject
 	/**
 	 * @brief Returns a magic link to authenticate remote visitors
 	 *
+	 * @todo check if the return is either a fully qualified URL or a relative path to Friendica basedir
+	 *
 	 * @param string $contact_url The address of the target contact profile
-	 * @param integer $url An url that we will be redirected to after the authentication
+	 * @param string $url An url that we will be redirected to after the authentication
 	 *
 	 * @return string with "redir" link
 	 */
@@ -2058,7 +2060,7 @@ class Contact extends BaseObject
 	 * @brief Returns a magic link to authenticate remote visitors
 	 *
 	 * @param array $contact The contact array with "uid", "network" and "url"
-	 * @param integer $url An url that we will be redirected to after the authentication
+	 * @param string $url An url that we will be redirected to after the authentication
 	 *
 	 * @return string with "redir" link
 	 */

src/Model/Profile.php

@@ -1047,7 +1047,7 @@ class Profile
 		// Try to avoid recursion - but send them home to do a proper magic auth.
 		$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string);
 		// The other instance needs to know where to redirect.
-		$dest = urlencode(System::baseUrl() . '/' . $query);
+		$dest = urlencode($a->getBaseURL() . '/' . $query);
 
 		// We need to extract the basebath from the profile url
 		// to redirect the visitors '/magic' module.
@@ -1055,14 +1055,14 @@ class Profile
 		$urlarr = explode('/profile/', $contact['url']);
 		$basepath = $urlarr[0];
 
-		if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
+		if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
 			$magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest;
 
 			// We have to check if the remote server does understand /magic without invoking something
 			$serverret = Network::curl($basepath . '/magic');
 			if ($serverret->isSuccess()) {
 				logger('Doing magic auth for visitor ' . $my_url . ' to ' . $magic_path, LOGGER_DEBUG);
-				goaway($magic_path);
+				System::externalRedirect($magic_path);
 			}
 		}
 	}

src/Model/User.php

@@ -450,7 +450,7 @@ class User
 				} catch (Exception $e) {
 					throw new Exception(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . L10n::t('The error message was:') . $e->getMessage(), 0, $e);
 				}
-				goaway($authurl);
+				System::externalRedirect($authurl);
 				// NOTREACHED
 			}
 
@@ -783,6 +783,8 @@ class User
 			return;
 		}
 
+		$a = get_app();
+
 		logger('Removing user: ' . $uid);
 
 		$user = DBA::selectFirst('user', [], ['uid' => $uid]);
@@ -807,7 +809,7 @@ class User
 		if ($uid == local_user()) {
 			unset($_SESSION['authenticated']);
 			unset($_SESSION['uid']);
-			goaway();;
+			$a->internalRedirect();
 		}
 	}
 }

src/Module/Acctlink.php

@@ -4,6 +4,7 @@ namespace Friendica\Module;
 
 use Friendica\BaseModule;
 use Friendica\Network\Probe;
+use Friendica\Core\System;
 
 /**
  * Redirects to another URL based on the parameter 'addr'
@@ -18,7 +19,7 @@ class Acctlink extends BaseModule
 			$url = defaults(Probe::uri(trim($addr)), 'url', false);
 
 			if ($url) {
-				goaway($url);
+				System::externalRedirect($url);
 				exit();
 			}
 		}

src/Module/Contact.php

@@ -66,9 +66,9 @@ class Contact extends BaseModule
 		if (DBA::isResult($contact)) {
 			if ($contact['self']) {
 				if (($a->argc == 3) && intval($a->argv[1]) && in_array($a->argv[2], ['posts', 'conversations'])) {
-					goaway('profile/' . $contact['nick']);
+					$a->internalRedirect('profile/' . $contact['nick']);
 				} else {
-					goaway('profile/' . $contact['nick'] . '?tab=profile');
+					$a->internalRedirect('profile/' . $contact['nick'] . '?tab=profile');
 				}
 			}
 
@@ -168,7 +168,7 @@ class Contact extends BaseModule
 			info(L10n::tt('%d contact edited.', '%d contacts edited.', $count_actions));
 		}
 
-		goaway('contact');
+		$a->internalRedirect('contact');
 	}
 
 	public static function post()
@@ -191,7 +191,7 @@ class Contact extends BaseModule
 
 		if (!DBA::exists('contact', ['id' => $contact_id, 'uid' => local_user()])) {
 			notice(L10n::t('Could not access contact record.') . EOL);
-			goaway('contact');
+			$a->internalRedirect('contact');
 			return; // NOTREACHED
 		}
 
@@ -374,19 +374,19 @@ class Contact extends BaseModule
 			$orig_record = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => [0, local_user()], 'self' => false]);
 			if (!DBA::isResult($orig_record)) {
 				notice(L10n::t('Could not access contact record.') . EOL);
-				goaway('contact');
+				$a->internalRedirect('contact');
 				return; // NOTREACHED
 			}
 
 			if ($cmd === 'update' && ($orig_record['uid'] != 0)) {
 				self::updateContactFromPoll($contact_id);
-				goaway('contact/' . $contact_id);
+				$a->internalRedirect('contact/' . $contact_id);
 				// NOTREACHED
 			}
 
 			if ($cmd === 'updateprofile' && ($orig_record['uid'] != 0)) {
 				self::updateContactFromProbe($contact_id);
-				goaway('crepair/' . $contact_id);
+				$a->internalRedirect('crepair/' . $contact_id);
 				// NOTREACHED
 			}
 
@@ -396,7 +396,7 @@ class Contact extends BaseModule
 				$blocked = Model\Contact::isBlockedByUser($contact_id, local_user());
 				info(($blocked ? L10n::t('Contact has been blocked') : L10n::t('Contact has been unblocked')) . EOL);
 
-				goaway('contact/' . $contact_id);
+				$a->internalRedirect('contact/' . $contact_id);
 				return; // NOTREACHED
 			}
 
@@ -406,7 +406,7 @@ class Contact extends BaseModule
 				$ignored = Model\Contact::isIgnoredByUser($contact_id, local_user());
 				info(($ignored ? L10n::t('Contact has been ignored') : L10n::t('Contact has been unignored')) . EOL);
 
-				goaway('contact/' . $contact_id);
+				$a->internalRedirect('contact/' . $contact_id);
 				return; // NOTREACHED
 			}
 
@@ -417,7 +417,7 @@ class Contact extends BaseModule
 					info((($archived) ? L10n::t('Contact has been archived') : L10n::t('Contact has been unarchived')) . EOL);
 				}
 
-				goaway('contact/' . $contact_id);
+				$a->internalRedirect('contact/' . $contact_id);
 				return; // NOTREACHED
 			}
 
@@ -451,13 +451,13 @@ class Contact extends BaseModule
 				}
 				// Now check how the user responded to the confirmation query
 				if (!empty($_REQUEST['canceled'])) {
-					goaway('contact');
+					$a->internalRedirect('contact');
 				}
 
 				self::dropContact($orig_record);
 				info(L10n::t('Contact has been removed.') . EOL);
 
-				goaway('contact');
+				$a->internalRedirect('contact');
 				return; // NOTREACHED
 			}
 			if ($cmd === 'posts') {
@@ -468,7 +468,7 @@ class Contact extends BaseModule
 			}
 		}
 
-		$_SESSION['return_url'] = $a->query_string;
+		$_SESSION['return_path'] = $a->query_string;
 
 		if (!empty($a->data['contact']) && is_array($a->data['contact'])) {
 			$contact_id = $a->data['contact']['id'];

src/Module/Login.php

@@ -10,6 +10,7 @@ use Friendica\Core\Addon;
 use Friendica\Core\Authentication;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
+use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Model\User;
 use Friendica\Util\DateTimeFormat;
@@ -39,17 +40,17 @@ class Login extends BaseModule
 		}
 
 		if (local_user()) {
-			goaway(self::getApp()->getBaseURL());
+			$a->internalRedirect();
 		}
 
-		return self::form($_SESSION['return_url'], intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED);
+		return self::form($_SESSION['return_path'], intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED);
 	}
 
 	public static function post()
 	{
-		$return_url = $_SESSION['return_url'];
+		$return_path = $_SESSION['return_path'];
 		session_unset();
-		$_SESSION['return_url'] = $return_url;
+		$_SESSION['return_path'] = $return_path;
 		
 		// OpenId Login
 		if (
@@ -83,22 +84,23 @@ class Login extends BaseModule
 	{
 		$noid = Config::get('system', 'no_openid');
 
+		$a = self::getApp();
+
 		// if it's an email address or doesn't resolve to a URL, fail.
 		if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) {
 			notice(L10n::t('Login failed.') . EOL);
-			goaway(self::getApp()->getBaseURL());
+			$a->internalRedirect();
 			// NOTREACHED
 		}
 
 		// Otherwise it's probably an openid.
 		try {
-			$a = get_app();
 			$openid = new LightOpenID($a->getHostName());
 			$openid->identity = $openid_url;
 			$_SESSION['openid'] = $openid_url;
 			$_SESSION['remember'] = $remember;
-			$openid->returnUrl = self::getApp()->getBaseURL(true) . '/openid';
+			$openid->returnUrl = $a->getBaseURL(true) . '/openid';
-			goaway($openid->authUrl());
+			System::externalRedirect($openid->authUrl());
 		} catch (Exception $e) {
 			notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '<br /><br >' . L10n::t('The error message was:') . ' ' . $e->getMessage());
 		}
@@ -122,6 +124,8 @@ class Login extends BaseModule
 			'user_record' => null
 		];
 
+		$a = self::getApp();
+
 		/*
 		 * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
 		 * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
@@ -144,7 +148,7 @@ class Login extends BaseModule
 		} catch (Exception $e) {
 			logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
 			info('Login failed. Please check your credentials.' . EOL);
-			goaway('/');
+			$a->internalRedirect();
 		}
 
 		if (!$remember) {
@@ -156,14 +160,14 @@ class Login extends BaseModule
 		$_SESSION['last_login_date'] = DateTimeFormat::utcNow();
 		Authentication::setAuthenticatedSessionForUser($record, true, true);
 
-		if (x($_SESSION, 'return_url')) {
+		if (x($_SESSION, 'return_path')) {
-			$return_url = $_SESSION['return_url'];
+			$return_path = $_SESSION['return_path'];
-			unset($_SESSION['return_url']);
+			unset($_SESSION['return_path']);
 		} else {
-			$return_url = '';
+			$return_path = '';
 		}
 
-		goaway($return_url);
+		$a->internalRedirect($return_path);
 	}
 
 	/**
@@ -173,6 +177,8 @@ class Login extends BaseModule
 	 */
 	public static function sessionAuth()
 	{
+		$a = self::getApp();
+
 		// When the "Friendica" cookie is set, take the value to authenticate and renew the cookie.
 		if (isset($_COOKIE["Friendica"])) {
 			$data = json_decode($_COOKIE["Friendica"]);
@@ -191,7 +197,7 @@ class Login extends BaseModule
 					if ($data->hash != Authentication::getCookieHashForUser($user)) {
 						logger("Hash for user " . $data->uid . " doesn't fit.");
 						Authentication::deleteSession();
-						goaway(self::getApp()->getBaseURL());
+						$a->internalRedirect();
 					}
 
 					// Renew the cookie
@@ -228,7 +234,7 @@ class Login extends BaseModule
 					logger('Session address changed. Paranoid setting in effect, blocking session. ' .
 						$_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
 					Authentication::deleteSession();
-					goaway(self::getApp()->getBaseURL());
+					$a->internalRedirect();
 				}
 
 				$user = DBA::selectFirst('user', [],
@@ -242,7 +248,7 @@ class Login extends BaseModule
 				);
 				if (!DBA::isResult($user)) {
 					Authentication::deleteSession();
-					goaway(self::getApp()->getBaseURL());
+					$a->internalRedirect();
 				}
 
 				// Make sure to refresh the last login time for the user if the user
@@ -263,7 +269,7 @@ class Login extends BaseModule
 	/**
 	 * @brief Wrapper for adding a login box.
 	 *
-	 * @param string $return_url The url relative to the base the user should be sent
+	 * @param string $return_path The path relative to the base the user should be sent
 	 *							 back to after login completes
 	 * @param bool $register If $register == true provide a registration link.
 	 *						 This will most always depend on the value of config.register_policy.
@@ -273,7 +279,7 @@ class Login extends BaseModule
 	 *
 	 * @hooks 'login_hook' string $o
 	 */
-	public static function form($return_url = null, $register = false, $hiddens = [])
+	public static function form($return_path = null, $register = false, $hiddens = [])
 	{
 		$a = self::getApp();
 		$o = '';
@@ -287,8 +293,8 @@ class Login extends BaseModule
 
 		$noid = Config::get('system', 'no_openid');
 
-		if (is_null($return_url)) {
+		if (is_null($return_path)) {
-			$return_url = $a->query_string;
+			$return_path = $a->query_string;
 		}
 
 		if (local_user()) {
@@ -302,7 +308,7 @@ class Login extends BaseModule
 			);
 
 			$tpl = get_markup_template('login.tpl');
-			$_SESSION['return_url'] = $return_url;
+			$_SESSION['return_path'] = $return_path;
 		}
 
 		$o .= replace_macros(

src/Module/Logout.php

@@ -8,6 +8,7 @@ use Friendica\BaseModule;
 use Friendica\Core\Addon;
 use Friendica\Core\Authentication;
 use Friendica\Core\L10n;
+use Friendica\Core\System;
 
 require_once 'boot.php';
 
@@ -26,6 +27,6 @@ class Logout extends BaseModule
 		Addon::callHooks("logging_out");
 		Authentication::deleteSession();
 		info(L10n::t('Logged out.') . EOL);
-		goaway(self::getApp()->getBaseURL());
+		self::getApp()->internalRedirect();
 	}
 }

src/Module/Magic.php

@@ -7,6 +7,7 @@ namespace Friendica\Module;
 use Friendica\BaseModule;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
+use Friendica\Core\System;
 use Friendica\Util\HTTPSignature;
 use Friendica\Util\Network;
 
@@ -41,9 +42,13 @@ class Magic extends BaseModule
 
 		if (!$cid) {
 			logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG);
-			goaway($dest);
+			// @TODO Finding a more elegant possibility to redirect to either internal or external URL
+			if (filter_var($dest, FILTER_VALIDATE_URL)) {
+				System::externalRedirect($dest);
+			} else {
+				$a->internalRedirect($dest);
+			}
 		}
-
 		$contact = DBA::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]);
 
 		// Redirect if the contact is already authenticated on this site.
@@ -55,7 +60,7 @@ class Magic extends BaseModule
 			}
 
 			logger('Contact is already authenticated', LOGGER_DEBUG);
-			goaway($dest);
+			System::externalRedirect($dest);
 		}
 
 		if (local_user()) {
@@ -99,10 +104,10 @@ class Magic extends BaseModule
 						$x = strpbrk($dest, '?&');
 						$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token);
 
-						goaway($dest . $args);
+						System::externalRedirect($dest . $args);
 					}
 				}
-				goaway($dest);
+				System::externalRedirect($dest);
 			}
 		}
 
@@ -111,6 +116,11 @@ class Magic extends BaseModule
 			return $ret;
 		}
 
-		goaway($dest);
+		// @TODO Finding a more elegant possibility to redirect to either internal or external URL
+		if (filter_var($dest, FILTER_VALIDATE_URL)) {
+			System::externalRedirect($dest);
+		} else {
+			$a->internalRedirect($dest);
+		}
 	}
 }

src/Module/Objects.php

@@ -24,7 +24,7 @@ class Objects extends BaseModule
 		}
 
 		if (!ActivityPub::isRequest()) {
-			goaway(str_replace('objects/', 'display/', $a->query_string));
+			$a->internalRedirect(str_replace('objects/', 'display/', $a->query_string));
 		}
 
 		$item = Item::selectFirst(['id'], ['guid' => $a->argv[1], 'wall' => true, 'private' => false]);

src/Module/Tos.php

@@ -49,7 +49,7 @@ class Tos extends BaseModule
 	public static function init()
 	{
 		if (strlen(Config::get('system','singleuser'))) {
-			goaway(System::baseUrl()."/profile/" . Config::get('system','singleuser'));
+			self::getApp()->internalRedirect('profile/' . Config::get('system','singleuser'));
 		}
 	}
 	/**

src/Protocol/DFRN.php

@@ -3037,7 +3037,7 @@ class DFRN
 
 			logger('auto_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
 			$dest = (($url) ? '&destination_url=' . $url : '');
-			goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
+			System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
 				. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
 		}
 

tests/ApiTest.php

@@ -3379,7 +3379,7 @@ class ApiTest extends DatabaseTest
 	 */
 	public function testApiFriendicaRemoteauthWithCorrectUrl()
 	{
-		$this->markTestIncomplete("We can't use an assertion here because of goaway().");
+		$this->markTestIncomplete("We can't use an assertion here because of App->redirect().");
 		$_GET['url'] = 'url';
 		$_GET['c_url'] = $this->selfUser['nurl'];
 		api_friendica_remoteauth();