Merge pull request #10463 from annando/proxy-security

Proxy: Avoid access for not logged in users
This commit is contained in:
Hypolite Petovan 2021-07-04 10:12:36 -04:00 committed by GitHub
commit bedc8e1427
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -23,6 +23,7 @@ namespace Friendica\Module;
use Friendica\BaseModule; use Friendica\BaseModule;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\DI; use Friendica\DI;
use Friendica\Model\Photo; use Friendica\Model\Photo;
use Friendica\Object\Image; use Friendica\Object\Image;
@ -45,7 +46,7 @@ class Proxy extends BaseModule
* Sets application instance and checks if /proxy/ path is writable. * Sets application instance and checks if /proxy/ path is writable.
* *
*/ */
public static function init(array $parameters = []) public static function rawContent(array $parameters = [])
{ {
// Set application instance here // Set application instance here
$a = DI::app(); $a = DI::app();
@ -89,6 +90,11 @@ class Proxy extends BaseModule
throw new \Friendica\Network\HTTPException\BadRequestException(); throw new \Friendica\Network\HTTPException\BadRequestException();
} }
if (!local_user()) {
Logger::info('Redirecting not logged in user to original address', ['url' => $request['url']]);
System::externalRedirect($request['url']);
}
// Webserver already tried direct cache... // Webserver already tried direct cache...
// Try to use filecache; // Try to use filecache;