harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

owa: htmlentity encoding encountered in authentication workflow (possibly introduced during Apache mod_rewrite with QSA flag)

Browse Source
This commit is contained in:
zotlabs 2018-06-17 17:30:09 -07:00
parent eedfb7de32
commit e4ed0f8acd
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Zotlabs/Module/Magic.php
View File

@ -19,7 +19,11 @@ class Magic extends \Zotlabs\Web\Controller {
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
$owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
// Apache(?) appears to perform an htmlentities() operation on this variable
$dest = html_entity_decode($dest);
$parsed = parse_url($dest); $parsed = parse_url($dest);
if(! $parsed) { if(! $parsed) {
if($test) { if($test) {
@ -139,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller {
if($owa) { if($owa) {
$dest = strip_zids($dest);
$dest = strip_query_param($dest,'f');
$headers = []; $headers = [];
$headers['Accept'] = 'application/x-zot+json' ; $headers['Accept'] = 'application/x-zot+json' ;
$headers['X-Open-Web-Auth'] = random_string(); $headers['X-Open-Web-Auth'] = random_string();