remove dependency to global $_GET

This commit is contained in:
Art4 2024-12-26 11:35:32 +00:00
parent 082ed8745b
commit 17ff47f6d5

View file

@ -552,6 +552,7 @@ class App
ServerRequestInterface $request ServerRequestInterface $request
) { ) {
$serverVars = $request->getServerParams(); $serverVars = $request->getServerParams();
$queryVars = $request->getQueryParams();
$requeststring = ($serverVars['REQUEST_METHOD'] ?? '') . ' ' . ($serverVars['REQUEST_URI'] ?? '') . ' ' . ($serverVars['SERVER_PROTOCOL'] ?? ''); $requeststring = ($serverVars['REQUEST_METHOD'] ?? '') . ' ' . ($serverVars['REQUEST_URI'] ?? '') . ' ' . ($serverVars['SERVER_PROTOCOL'] ?? '');
$this->logger->debug('Request received', ['address' => $serverVars['REMOTE_ADDR'] ?? '', 'request' => $requeststring, 'referer' => $serverVars['HTTP_REFERER'] ?? '', 'user-agent' => $serverVars['HTTP_USER_AGENT'] ?? '']); $this->logger->debug('Request received', ['address' => $serverVars['REMOTE_ADDR'] ?? '', 'request' => $requeststring, 'referer' => $serverVars['HTTP_REFERER'] ?? '', 'user-agent' => $serverVars['HTTP_USER_AGENT'] ?? '']);
@ -592,23 +593,23 @@ class App
} }
// ZRL // ZRL
if (!empty($_GET['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend() && !$this->session->getLocalUserId()) { if (!empty($queryVars['zrl']) && $this->mode->isNormal() && !$this->mode->isBackend() && !$this->session->getLocalUserId()) {
// Only continue when the given profile link seems valid. // Only continue when the given profile link seems valid.
// Valid profile links contain a path with "/profile/" and no query parameters // Valid profile links contain a path with "/profile/" and no query parameters
if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == '') && if ((parse_url($queryVars['zrl'], PHP_URL_QUERY) == '') &&
strpos(parse_url($_GET['zrl'], PHP_URL_PATH) ?? '', '/profile/') !== false) { strpos(parse_url($queryVars['zrl'], PHP_URL_PATH) ?? '', '/profile/') !== false) {
$this->auth->setUnauthenticatedVisitor($_GET['zrl']); $this->auth->setUnauthenticatedVisitor($queryVars['zrl']);
OpenWebAuth::zrlInit(); OpenWebAuth::zrlInit();
} else { } else {
// Someone came with an invalid parameter, maybe as a DDoS attempt // Someone came with an invalid parameter, maybe as a DDoS attempt
// We simply stop processing here // We simply stop processing here
$this->logger->debug('Invalid ZRL parameter.', ['zrl' => $_GET['zrl']]); $this->logger->debug('Invalid ZRL parameter.', ['zrl' => $queryVars['zrl']]);
throw new HTTPException\ForbiddenException(); throw new HTTPException\ForbiddenException();
} }
} }
if (!empty($_GET['owt']) && $this->mode->isNormal()) { if (!empty($queryVars['owt']) && $this->mode->isNormal()) {
$token = $_GET['owt']; $token = $queryVars['owt'];
OpenWebAuth::init($token); OpenWebAuth::init($token);
} }