nupplaPhil/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #11080 from annando/simplify-zrl

Browse source 
ZRL: Simplify the code structure
This commit is contained in:
Hypolite Petovan 2021-12-08 17:19:38 -05:00 committed by GitHub
parent f1d6e7ebb4 0844e3f8a6
commit 2fd3a47fba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
src/App.php
View file

@ -600,29 +600,27 @@ class App
} }
// ZRL // ZRL
if (!empty($_GET['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend()) { if (!empty($_GET['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend() && !local_user()) {
if (!local_user()) { // Only continue when the given profile link seems valid
// Only continue when the given profile link seems valid // Valid profile links contain a path with "/profile/" and no query parameters
// Valid profile links contain a path with "/profile/" and no query parameters if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") &&
if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") && strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) { if (Core\Session::get('visitor_home') != $_GET["zrl"]) {
if (Core\Session::get('visitor_home') != $_GET["zrl"]) { Core\Session::set('my_url', $_GET['zrl']);
Core\Session::set('my_url', $_GET['zrl']); Core\Session::set('authenticated', 0);
Core\Session::set('authenticated', 0);
$remote_contact = Contact::getByURL($_GET['zrl'], false, ['subscribe']); $remote_contact = Contact::getByURL($_GET['zrl'], false, ['subscribe']);
if (!empty($remote_contact['subscribe'])) { if (!empty($remote_contact['subscribe'])) {
$_SESSION['remote_comment'] = $remote_contact['subscribe']; $_SESSION['remote_comment'] = $remote_contact['subscribe'];
}
} }
Model\Profile::zrlInit($this);
} else {
// Someone came with an invalid parameter, maybe as a DDoS attempt
// We simply stop processing here
$this->logger->debug('Invalid ZRL parameter.', ['zrl' => $_GET['zrl']]);
throw new HTTPException\ForbiddenException();
} }
Model\Profile::zrlInit($this);
} else {
// Someone came with an invalid parameter, maybe as a DDoS attempt
// We simply stop processing here
$this->logger->debug('Invalid ZRL parameter.', ['zrl' => $_GET['zrl']]);
throw new HTTPException\ForbiddenException();
} }
} }