From 17ff47f6d5c9ea6d0f9699d98a25bf9ee27b7835 Mon Sep 17 00:00:00 2001
From: Art4 <art4@wlabs.de>
Date: Thu, 26 Dec 2024 11:35:32 +0000
Subject: [PATCH] remove dependency to global $_GET

---
 src/App.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/App.php b/src/App.php
index 5779360356..1e3adae249 100644
--- a/src/App.php
+++ b/src/App.php
@@ -552,6 +552,7 @@ class App
 		ServerRequestInterface $request
 	) {
 		$serverVars = $request->getServerParams();
+		$queryVars  = $request->getQueryParams();
 
 		$requeststring = ($serverVars['REQUEST_METHOD'] ?? '') . ' ' . ($serverVars['REQUEST_URI'] ?? '') . ' ' . ($serverVars['SERVER_PROTOCOL'] ?? '');
 		$this->logger->debug('Request received', ['address' => $serverVars['REMOTE_ADDR'] ?? '', 'request' => $requeststring, 'referer' => $serverVars['HTTP_REFERER'] ?? '', 'user-agent' => $serverVars['HTTP_USER_AGENT'] ?? '']);
@@ -592,23 +593,23 @@ class App
 			}
 
 			// ZRL
-			if (!empty($_GET['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend() && !$this->session->getLocalUserId()) {
+			if (!empty($queryVars['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend() && !$this->session->getLocalUserId()) {
 				// Only continue when the given profile link seems valid.
 				// Valid profile links contain a path with "/profile/" and no query parameters
-				if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == '') &&
-					strpos(parse_url($_GET['zrl'], PHP_URL_PATH) ?? '', '/profile/') !== false) {
-					$this->auth->setUnauthenticatedVisitor($_GET['zrl']);
+				if ((parse_url($queryVars['zrl'], PHP_URL_QUERY) == '') &&
+					strpos(parse_url($queryVars['zrl'], PHP_URL_PATH) ?? '', '/profile/') !== false) {
+					$this->auth->setUnauthenticatedVisitor($queryVars['zrl']);
 					OpenWebAuth::zrlInit();
 				} else {
 					// Someone came with an invalid parameter, maybe as a DDoS attempt
 					// We simply stop processing here
-					$this->logger->debug('Invalid ZRL parameter.', ['zrl' => $_GET['zrl']]);
+					$this->logger->debug('Invalid ZRL parameter.', ['zrl' => $queryVars['zrl']]);
 					throw new HTTPException\ForbiddenException();
 				}
 			}
 
-			if (!empty($_GET['owt']) && $this->mode->isNormal()) {
-				$token = $_GET['owt'];
+			if (!empty($queryVars['owt']) && $this->mode->isNormal()) {
+				$token = $queryVars['owt'];
 				OpenWebAuth::init($token);
 			}