Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-01-08 18:44:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

remove dependency to global $_GET

Browse source
This commit is contained in:
Art4 2024-12-26 11:35:32 +00:00
parent 082ed8745b
commit 17ff47f6d5
1 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/App.php
View file

@ -552,6 +552,7 @@ class App
ServerRequestInterface $request
) {
$serverVars = $request->getServerParams();
$queryVars = $request->getQueryParams();
$requeststring = ($serverVars['REQUEST_METHOD'] ?? '') . ' ' . ($serverVars['REQUEST_URI'] ?? '') . ' ' . ($serverVars['SERVER_PROTOCOL'] ?? '');
$this->logger->debug('Request received', ['address' => $serverVars['REMOTE_ADDR'] ?? '', 'request' => $requeststring, 'referer' => $serverVars['HTTP_REFERER'] ?? '', 'user-agent' => $serverVars['HTTP_USER_AGENT'] ?? '']);
@ -592,23 +593,23 @@ class App
}
// ZRL
if (!empty($_GET['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend() && !$this->session->getLocalUserId()) {
if (!empty($queryVars['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend() && !$this->session->getLocalUserId()) {
// Only continue when the given profile link seems valid.
// Valid profile links contain a path with "/profile/" and no query parameters
if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == '') &&
strpos(parse_url($_GET['zrl'], PHP_URL_PATH) ?? '', '/profile/') !== false) {
$this->auth->setUnauthenticatedVisitor($_GET['zrl']);
if ((parse_url($queryVars['zrl'], PHP_URL_QUERY) == '') &&
strpos(parse_url($queryVars['zrl'], PHP_URL_PATH) ?? '', '/profile/') !== false) {
$this->auth->setUnauthenticatedVisitor($queryVars['zrl']);
OpenWebAuth::zrlInit();
} else {
// Someone came with an invalid parameter, maybe as a DDoS attempt
// We simply stop processing here
$this->logger->debug('Invalid ZRL parameter.', ['zrl' => $_GET['zrl']]);
$this->logger->debug('Invalid ZRL parameter.', ['zrl' => $queryVars['zrl']]);
throw new HTTPException\ForbiddenException();
}
}
if (!empty($_GET['owt']) && $this->mode->isNormal()) {
$token = $_GET['owt'];
if (!empty($queryVars['owt']) && $this->mode->isNormal()) {
$token = $queryVars['owt'];
OpenWebAuth::init($token);
}