harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'mike/master' into dev

Browse Source
This commit is contained in:
Mario Vavti 2018-07-19 09:12:33 +02:00
commit fe0e00f8f8
10 changed files with 28 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Zotlabs/Module/Magic.php
View File

@ -14,15 +14,15 @@ class Magic extends \Zotlabs\Web\Controller {
logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
$bdest = ((x($_REQUEST,'bdest')) ? $_REQUEST['bdest'] : '');
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
$owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
// Apache(?) appears to perform an htmlentities() operation on this variable
$dest = html_entity_decode($dest);
if($bdest)
$dest = hex2bin($bdest);
$parsed = parse_url($dest);
if(! $parsed) {

2
Zotlabs/Module/Manage.php
View File

@ -156,7 +156,7 @@ class Manage extends \Zotlabs\Web\Controller {
if($delegates) {
for($x = 0; $x < count($delegates); $x ++) {
$delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url'])
$delegates[$x]['link'] = 'magic?f=&bdest=' . bin2hex($delegates[$x]['xchan_url'])
. '&delegate=' . urlencode($delegates[$x]['xchan_addr']);
$delegates[$x]['channel_name'] = $delegates[$x]['xchan_name'];
$delegates[$x]['delegate'] = 1;

4
Zotlabs/Module/Nojs.php
View File

@ -7,8 +7,8 @@ class Nojs extends \Zotlabs\Web\Controller {
function init() {
$n = ((argc() > 1) ? intval(argv(1)) : 1);
setcookie('jsdisabled', $n, 0, '/');
$p = $_GET['redir'];
$hasq = strpos($p,'?');
$p = hex2bin($_GET['redir']);
$hasq = strpbrk($p,'?&');
goaway(z_root() . (($p) ? '/' . $p : '') . (($hasq) ? '' : '?f=' ) . '&jsdisabled=' . $n);
}

10
Zotlabs/Module/Rmagic.php
View File

@ -17,8 +17,8 @@ class Rmagic extends \Zotlabs\Web\Controller {
if($r) {
if($r[0]['hubloc_url'] === z_root())
goaway(z_root() . '/login');
$dest = z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string);
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest);
$dest = bin2hex(z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string));
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&bdest=' . $dest);
}
}
}
@ -59,11 +59,11 @@ class Rmagic extends \Zotlabs\Web\Controller {
if($url) {
if($_SESSION['return_url'])
$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
$dest = bin2hex(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
else
$dest = urlencode(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string));
$dest = bin2hex(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string));
goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest);
goaway($url . '/magic' . '?f=&owa=1&bdest=' . $dest);
}
}
}

2
Zotlabs/Web/CheckJS.php
View File

@ -18,7 +18,7 @@ class CheckJS {
$this->jsdisabled = 0;
if(! $this->jsdisabled) {
$page = urlencode(\App::$query_string);
$page = bin2hex(\App::$query_string);
if($test) {
$this->jsdisabled = 1;

3
boot.php
View File

@ -874,11 +874,12 @@ class App {
}
if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") {
self::$query_string = escape_tags(substr($_SERVER['QUERY_STRING'], 2));
self::$query_string = str_replace(['<','>'],['&lt;','&gt;'],substr($_SERVER['QUERY_STRING'], 2));
// removing trailing / - maybe a nginx problem
if (substr(self::$query_string, 0, 1) == "/")
self::$query_string = substr(self::$query_string, 1);
}
if(x($_GET,'q'))
self::$cmd = escape_tags(trim($_GET['q'],'/\\'));

4
include/channel.php
View File

@ -1710,9 +1710,9 @@ function zid_init() {
// try to avoid recursion - but send them home to do a proper magic auth
$query = App::$query_string;
$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
$dest = '/' . urlencode($query);
$dest = '/' . $query;
if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&dest=' . z_root() . $dest);
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
}
else
logger('No hubloc found.');

2
include/connections.php
View File

@ -120,7 +120,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
App::$profile_uid = $xchan['channel_id'];
$url = (($observer)
? z_root() . '/magic?f=&owa=1&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
? z_root() . '/magic?f=&owa=1&bdest=' . bin2hex($xchan['xchan_url']) . '&addr=' . $xchan['xchan_addr']
: $xchan['xchan_url']
);

4
include/text.php
View File

@ -1018,7 +1018,7 @@ function chanlink_cid($d) {
function magiclink_url($observer,$myaddr,$url) {
return (($observer)
? z_root() . '/magic?f=&owa=1&dest=' . $url . '&addr=' . $myaddr
? z_root() . '/magic?f=&owa=1&bdest=' . bin2hex($url) . '&addr=' . $myaddr
: $url
);
}
@ -1454,7 +1454,7 @@ function theme_attachments(&$item) {
if(is_foreigner($item['author_xchan']))
$url = $r['href'];
else
$url = z_root() . '/magic?f=&owa=1&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision'];
$url = z_root() . '/magic?f=&owa=1&hash=' . $item['author_xchan'] . '&bdest=' . bin2hex($r['href'] . '/' . $r['revision']);
//$s .= '<a href="' . $url . '" title="' . $title . '" class="attachlink" >' . $icon . '</a>';
$attaches[] = array('label' => $label, 'url' => $url, 'icon' => $icon, 'title' => $title);

16
util/typo.php
View File

@ -12,25 +12,27 @@
App::init();
$cmd = ((x(App::$config,'system')) && (x(App::$config['system'],'php_path')) && (strlen(App::$config['system']['php_path'])) ? App::$config['system']['php_path'] : 'php') . ' -l ';
echo "Directory: include\n";
$files = glob('include/*.php');
foreach($files as $file) {
echo $file . "\n";
echo exec($cmd . $file) . "\n";
include_once($file);
}
echo "Directory: include/dba\n";
$files = glob('include/dba/*.php');
foreach($files as $file) {
echo $file . "\n";
echo exec($cmd . $file) . "\n";
include_once($file);
}
echo "Directory: include/photo\n";
$files = glob('include/photo/*.php');
foreach($files as $file) {
echo $file . "\n";
echo exec($cmd . $file) . "\n";
include_once($file);
}
@ -39,7 +41,7 @@
$files = glob('Zotlabs/*/*.php');
foreach($files as $file) {
if((strpos($file,'SiteModule') === false) || (strpos($file,'SiteWidget') === false)) {
echo $file . "\n";
echo exec($cmd . $file) . "\n";
include_once($file);
}
}
@ -47,7 +49,7 @@
echo "Directory: Zotlabs/Module (sub-modules)\n";
$files = glob('Zotlabs/Module/*/*.php');
foreach($files as $file) {
echo $file . "\n";
echo exec($cmd . $file) . "\n";
include_once($file);
}
@ -58,7 +60,7 @@
$addon = basename($dir);
$files = glob($dir . '/' . $addon . '.php');
foreach($files as $file) {
echo $file . "\n";
echo exec($cmd . $file) . "\n";
include_once($file);
}
}
@ -77,6 +79,6 @@
$files = glob('view/*/hstrings.php');
foreach($files as $file) {
echo $file . "\n";
echo exec($cmd . $file) . "\n";
passthru($phpath . ' util/typohelper.php ' . $file);
}