friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Transferring the "addr" value on magic auth

This commit is contained in:
Michael 2019-09-29 10:20:53 +00:00
parent 0185c91246
commit c2c1b317e0
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Model/Profile.php
View File

@ -1024,6 +1024,12 @@ class Profile
* *
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/channel.php * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/channel.php
* *
* The implementation for Friendica sadly differs in some points from the one for Hubzilla:
* - Hubzilla uses the "zid" parameter, while for Friendica it had been replaced with "zrl"
* - There seem to be some reverse authentication (rmagic) that isn't implemented in Friendica at all
*
* It would be favourable to harmonize the two implementations.
*
* @param App $a Application instance. * @param App $a Application instance.
* @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException * @throws \ImagickException
@ -1037,6 +1043,8 @@ class Profile
return; return;
} }
$addr = $_GET['addr'] ?? $my_url;
$arr = ['zrl' => $my_url, 'url' => $a->cmd]; $arr = ['zrl' => $my_url, 'url' => $a->cmd];
Hook::callAll('zrl_init', $arr); Hook::callAll('zrl_init', $arr);
@ -1067,8 +1075,10 @@ class Profile
Worker::add(PRIORITY_LOW, 'GProbe', $my_url); Worker::add(PRIORITY_LOW, 'GProbe', $my_url);
// Try to avoid recursion - but send them home to do a proper magic auth. // Remove the "addr" parameter from the destination. It is later added as separate parameter again.
$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string); $addr_request = 'addr=' . urlencode($addr);
$query = rtrim(str_replace($addr_request, '', $a->query_string), '?&');
// The other instance needs to know where to redirect. // The other instance needs to know where to redirect.
$dest = urlencode($a->getBaseURL() . '/' . $query); $dest = urlencode($a->getBaseURL() . '/' . $query);
@ -1076,8 +1086,8 @@ class Profile
// to redirect the visitors '/magic' module. // to redirect the visitors '/magic' module.
$basepath = Contact::getBasepath($contact['url']); $basepath = Contact::getBasepath($contact['url']);
if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) { if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic')) {
$magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest; $magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest . '&' . $addr_request;
// We have to check if the remote server does understand /magic without invoking something // We have to check if the remote server does understand /magic without invoking something
$serverret = Network::curl($basepath . '/magic'); $serverret = Network::curl($basepath . '/magic');