From 32af52842bea6d55460e353d1800130783f6928c Mon Sep 17 00:00:00 2001
From: Philipp Holzer
Date: Sat, 20 Oct 2018 01:01:15 +0200
Subject: [PATCH] adding defaults in mod/redir.php
---
 include/api.php | 2 +-
 mod/redir.php | 10 +++++-----
 src/Module/Magic.php | 22 ++++++++++++++++------
 3 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/include/api.php b/include/api.php
index e6846c8f63..7e54fa382a 100644
--- a/include/api.php
+++ b/include/api.php
@@ -4810,7 +4810,7 @@ function api_friendica_remoteauth()
 logger($contact['name'] . ' ' . $sec, LOGGER_DEBUG);
 $dest = ($url ? '&destination_url=' . $url : '');
- System::externalRedirect((
+ System::externalRedirect(
 $contact['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest
diff --git a/mod/redir.php b/mod/redir.php
index 3336f882ad..ad42bc8abc 100644
--- a/mod/redir.php
+++ b/mod/redir.php
@@ -36,7 +36,7 @@ function redir_init(App $a) {
 || (!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate.
 || (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated.
 {
- System::externalRedirect($url != '' ? $url : $contact_url);
+ System::externalRedirect(defaults($url, $contact_url));
 }
 if ($contact['uid'] == 0 && local_user()) {
@@ -50,7 +50,7 @@ function redir_init(App $a) {
 if (!empty($a->contact['id']) && $a->contact['id'] == $cid) {
 // Local user is already authenticated.
- $target_url = $url != '' ? $url : $contact_url;
+ $target_url = defaults($url, $contact_url);
 logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG);
 System::externalRedirect($target_url);
 }
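Review bot: In the `-36` hunk of mod/redir.php, `System::externalRedirect(defaults($url, $contact_url))` runs on the branch whose own comment covers visitors who are not logged in, and nothing visible constrains `$url` before it becomes the redirect target. Where `$url` is assigned lies outside the hunk; if it is request-supplied, this is an unvalidated redirect (CWE-601), and the same holds for the `-50`, `-71` and `-106` hunks and for the `-121` hunk, which newly sends `$url` through `externalRedirect()` instead of `internalRedirect()`. If only absolute web URLs are expected, a guard near the assignment such as `if (!in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'], true)) { $url = ''; }` keeps the fallback to `$contact_url`, and a host comparison against the contact's URL would narrow it further. `defaults()` is also not obviously equivalent to `$url != ''` for values such as `'0'`, which is worth confirming. redir_init's body continues outside these hunks.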
@@ -71,7 +71,7 @@ function redir_init(App $a) {
 foreach ($_SESSION['remote'] as $v) {
 if ($v['uid'] == $_SESSION['visitor_visiting'] && $v['cid'] == $_SESSION['visitor_id']) {
 // Remote user is already authenticated.
- $target_url = $url != '' ? $url : $contact_url;
+ $target_url = defaults($url, $contact_url);
 logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG);
 System::externalRedirect($target_url);
 }
@@ -106,7 +106,7 @@ function redir_init(App $a) {
 . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest . $quiet);
 }
- $url = $url != '' ? $url : $contact_url;
+ $url = defaults($url, $contact_url);
 }
 // If we don't have a connected contact, redirect with
@@ -121,7 +121,7 @@ function redir_init(App $a) {
 }
 logger('redirecting to ' . $url, LOGGER_DEBUG);
- $a->internalRedirect($url);
+ System::externalRedirect($url);
 }
 notice(L10n::t('Contact not found.'));
diff --git a/src/Module/Magic.php b/src/Module/Magic.php
index 03966733ba..1d7cb715e1 100644
--- a/src/Module/Magic.php
+++ b/src/Module/Magic.php
@@ -7,6 +7,7 @@ namespace Friendica\Module;
 use Friendica\BaseModule;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
+use Friendica\Core\System;
 use Friendica\Util\HTTPSignature;
 use Friendica\Util\Network;
@@ -41,9 +42,13 @@ class Magic extends BaseModule
 if (!$cid) {
 logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG);
- $a->internalRedirect($dest);
+ // @TODO Finding a more elegant possibility to redirect to either internal or external URL
+ if (filter_var($dest, FILTER_VALIDATE_URL)) {
+ System::externalRedirect($dest);
+ } else {
+ $a->internalRedirect($dest);
+ }
 }
-
 $contact = DBA::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]);
 // Redirect if the contact is already authenticated on this site.
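Review bot: `filter_var($dest, FILTER_VALIDATE_URL)` in the `if (!$cid)` branch of src/Module/Magic.php (the `-41` hunk) only checks that `$dest` is syntactically a URL; it accepts any scheme and any host, so it picks the redirect function but does not constrain where the visitor is sent. This branch runs when no contact record was found, and the `print_r($_REQUEST, true)` log line suggests `$dest` comes from the request (its assignment is outside the hunk), so the destination is not tied to a known contact. Consider additionally requiring `in_array(parse_url($dest, PHP_URL_SCHEME), ['http', 'https'], true)` before `System::externalRedirect($dest)` and treating anything else as an internal path; the identical block in the `-111` hunk needs the same. Moving the duplicated `@TODO` block into one private helper would keep that check in a single place.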
@@ -55,7 +60,7 @@ class Magic extends BaseModule
 }
 logger('Contact is already authenticated', LOGGER_DEBUG);
- $a->internalRedirect($dest);
+ System::externalRedirect($dest);
 }
 if (local_user()) {
@@ -99,10 +104,10 @@ class Magic extends BaseModule
 $x = strpbrk($dest, '?&');
 $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token);
- $a->internalRedirect($dest . $args);
+ System::externalRedirect($dest . $args);
 }
 }
- $a->internalRedirect($dest);
+ System::externalRedirect($dest);
 }
 }
@@ -111,6 +116,11 @@ class Magic extends BaseModule
 return $ret;
 }
- $a->internalRedirect($dest);
+ // @TODO Finding a more elegant possibility to redirect to either internal or external URL
+ if (filter_var($dest, FILTER_VALIDATE_URL)) {
+ System::externalRedirect($dest);
+ } else {
+ $a->internalRedirect($dest);
+ }
 }
 }
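Review bot: The three unconditional `System::externalRedirect($dest)` calls in the `-55` and `-99` hunks skip the `filter_var($dest, FILTER_VALIDATE_URL)` test that the `-41` and `-111` hunks of the same class apply, so a relative or malformed `$dest` is handed to the external redirect on the already-authenticated and `local_user()` paths. What `externalRedirect()` does with a non-absolute value is not visible here, so this is either a behaviour regression for internal destinations or an unchecked redirect target, depending on its implementation. Routing all five call sites through one helper that applies the same URL and scheme check would make the paths agree, and in the `-99` hunk `$dest` should be validated before `$args` with the `owt` parameter is appended to it. The enclosing method starts outside these hunks.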