harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

query filter was a bit greedy

Browse Source
This commit is contained in:
zotlabs 2018-07-18 17:48:23 -07:00
parent 5ce50d0a2e
commit a05c8ff66b
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Zotlabs/Module/Magic.php
View File

@ -21,7 +21,6 @@ class Magic extends \Zotlabs\Web\Controller {
$owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
if($bdest) if($bdest)
$dest = hex2bin($bdest); $dest = hex2bin($bdest);

3
boot.php
View File

@ -874,11 +874,12 @@ class App {
} }
if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") { if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") {
self::$query_string = escape_tags(substr($_SERVER['QUERY_STRING'], 2)); self::$query_string = str_replace(['<','>'],['&lt;','&gt;'],substr($_SERVER['QUERY_STRING'], 2);
// removing trailing / - maybe a nginx problem // removing trailing / - maybe a nginx problem
if (substr(self::$query_string, 0, 1) == "/") if (substr(self::$query_string, 0, 1) == "/")
self::$query_string = substr(self::$query_string, 1); self::$query_string = substr(self::$query_string, 1);
} }
if(x($_GET,'q')) if(x($_GET,'q'))
self::$cmd = escape_tags(trim($_GET['q'],'/\\')); self::$cmd = escape_tags(trim($_GET['q'],'/\\'));

2
include/channel.php
View File

@ -1710,7 +1710,7 @@ function zid_init() {
// try to avoid recursion - but send them home to do a proper magic auth // try to avoid recursion - but send them home to do a proper magic auth
$query = App::$query_string; $query = App::$query_string;
$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); $query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
$dest = '/' . urlencode($query); $dest = '/' . $query;
if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest)); goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
} }