From 93536f31e80ccdc9eb48affc4fa24d615d13ffe2 Mon Sep 17 00:00:00 2001
From: Michael
Date: Wed, 16 Oct 2024 03:00:20 +0000
Subject: [PATCH] Fix the following of accounts with "?" in the URL
---
 src/Content/Widget/VCard.php | 2 +-
 src/Model/Contact.php | 2 +-
 src/Model/Profile.php | 2 +-
 src/Module/Contact/Follow.php | 24 ++++++++++++++++-----
 src/Module/Contact/Profile.php | 2 +-
 view/templates/widget/follow.tpl | 4 ++--
 view/theme/frio/templates/widget/follow.tpl | 4 ++--
 7 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/src/Content/Widget/VCard.php b/src/Content/Widget/VCard.php
index 3f89299466..8a33ba09e9 100644
--- a/src/Content/Widget/VCard.php
+++ b/src/Content/Widget/VCard.php
@@ -78,7 +78,7 @@ class VCard
 if (in_array($rel, [Contact::SHARING, Contact::FRIEND])) {
 $unfollow_link = 'contact/unfollow?url=' . urlencode($contact_url) . '&auto=1';
 } elseif (!$pending) {
- $follow_link = 'contact/follow?url=' . urlencode($contact_url) . '&auto=1';
+ $follow_link = 'contact/follow?binurl=' . bin2hex($contact_url) . '&auto=1';
 }
 }
diff --git a/src/Model/Contact.php b/src/Model/Contact.php
index c6bdba2dc0..cd0d1feca2 100644
--- a/src/Model/Contact.php
+++ b/src/Model/Contact.php
@@ -1225,7 +1225,7 @@ class Contact
 if ($contact['uid'] && in_array($contact['rel'], [self::SHARING, self::FRIEND])) {
 $unfollow_link = 'contact/unfollow?url=' . urlencode($contact['url']) . '&auto=1';
 } elseif (!$contact['pending']) {
- $follow_link = 'contact/follow?url=' . urlencode($contact['url']) . '&auto=1';
+ $follow_link = 'contact/follow?binurl=' . bin2hex($contact['url']) . '&auto=1';
 }
 }
diff --git a/src/Model/Profile.php b/src/Model/Profile.php
index 8016ce201c..a27fd9c99e 100644
--- a/src/Model/Profile.php
+++ b/src/Model/Profile.php
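Review bot: The unfollow link on the neighbouring context line still goes out as `url=` with `urlencode()`, while only the follow link is switched to `binurl=` with `bin2hex()`; the same split appears in the src/Model/Contact.php and src/Model/Profile.php hunks. If the failure with "?" lies in how the request path decodes `url`, unfollowing the same accounts would presumably still break, so contact/unfollow is worth testing with such a URL. The new lines also give no hint why hex is used; a short comment such as `// hex-encoded so that "?" in the contact URL survives; decoded in Module\Contact\Follow::getUrl()` would help, ideally on one shared helper rather than on four copies (the fourth is in src/Module/Contact/Profile.php).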
@@ -325,7 +325,7 @@ class Profile
 if ($visitor_is_following) {
 $unfollow_link = $visitor_base_path . '/contact/unfollow?url=' . urlencode($profile_url) . '&auto=1';
 } else {
- $follow_link = $visitor_base_path . '/contact/follow?url=' . urlencode($profile_url) . '&auto=1';
+ $follow_link = $visitor_base_path . '/contact/follow?binurl=' . bin2hex($profile_url) . '&auto=1';
 }
 }
diff --git a/src/Module/Contact/Follow.php b/src/Module/Contact/Follow.php
index 23f88d9e2d..72c5238184 100644
--- a/src/Module/Contact/Follow.php
+++ b/src/Module/Contact/Follow.php
@@ -56,11 +56,15 @@ class Follow extends BaseModule
 throw new ForbiddenException($this->t('Access denied.'));
 }
- if (isset($request['cancel']) || empty($request['url'])) {
- $this->baseUrl->redirect('contact');
+ if (!empty($request['follow-url'])) {
+ $this->baseUrl->redirect('contact/follow?binurl=' . bin2hex($request['follow-url']));
 }
- $url = Probe::cleanURI($request['url']);
+ $url = $this->getUrl($request);
+
+ if (isset($request['cancel']) || empty($url)) {
+ $this->baseUrl->redirect('contact');
+ }
 $this->process($url);
 }
@@ -77,7 +81,7 @@ class Follow extends BaseModule
 $uid = $this->session->getLocalUserId();
 // uri is used by the /authorize_interaction Mastodon route
- $url = Probe::cleanURI(trim($request['uri'] ?? $request['url'] ?? ''));
+ $url = $this->getUrl($request);
 // Issue 6874: Allow remote following from Peertube
 if (strpos($url, 'acct:') === 0) {
@@ -182,7 +186,7 @@ class Follow extends BaseModule
 protected function process(string $url)
 {
- $returnPath = 'contact/follow?url=' . urlencode($url);
+ $returnPath = 'contact/follow?binurl=' . bin2hex($url);
 $result = Contact::createFromProbeForUser($this->session->getLocalUserId(), $url);
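Review bot: `$request['follow-url']` reaches `bin2hex()` after only an `empty()` test, so an array-valued parameter would raise a TypeError on PHP 8 instead of falling back to the contact page, unless the request array is normalised before it gets to this method. Guarding with `if (!empty($request['follow-url']) && is_string($request['follow-url'])) {` limits the redirect to well-formed input. The redirect also now runs before the `cancel` check, so a submission carrying both `cancel` and `follow-url` is no longer cancelled. The enclosing method starts outside the hunk, so whether the form can send both is not visible here.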
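Review bot: The `uri` parameter is dropped by this replacement: the removed line read `$request['uri'] ?? $request['url'] ?? ''` and trimmed it, whereas `getUrl()`, added at the end of this file, only looks at `binurl` and `url`. The comment kept directly above says `uri` is what the /authorize_interaction Mastodon route uses, so that route would now end up with an empty URL. Restoring the fallback inside `getUrl()` as `$url = trim($request['uri'] ?? $request['url'] ?? '');` would keep the old behaviour for both callers. The method this line belongs to starts and ends outside the hunk.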
@@ -227,4 +231,14 @@ class Follow extends BaseModule
 return;
 }
 }
+
+ private function getUrl(array $request): string
+ {
+ if (!empty($request['binurl']) && Strings::isHex($request['binurl'])) {
+ $url = hex2bin($request['binurl']);
+ } else {
+ $url = $request['url'] ?? '';
+ }
+ return Probe::cleanURI($url);
+ }
 }
diff --git a/src/Module/Contact/Profile.php b/src/Module/Contact/Profile.php
index efd7c5cdb6..71369c6de6 100644
--- a/src/Module/Contact/Profile.php
+++ b/src/Module/Contact/Profile.php
@@ -477,7 +477,7 @@ class Profile extends BaseModule
 } else {
 $contact_actions['follow'] = [
 'label' => $this->t('Follow'),
- 'url' => 'contact/follow?url=' . urlencode($contact['url']) . '&auto=1',
+ 'url' => 'contact/follow?binurl=' . bin2hex($contact['url']) . '&auto=1',
 'title' => '',
 'sel' => '',
 'id' => 'follow',
diff --git a/view/templates/widget/follow.tpl b/view/templates/widget/follow.tpl
index ae3f32d622..f980dacd3a 100644
--- a/view/templates/widget/follow.tpl
+++ b/view/templates/widget/follow.tpl
@@ -8,8 +8,8 @@
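Review bot: `hex2bin()` returns `false` and emits a warning for an odd-length string, and nothing visible in `getUrl()` rules that out: `Strings::isHex()` is defined outside this diff, so whether it checks for even length cannot be confirmed here. In that case `false` is handed to `Probe::cleanURI()`, which either coerces it silently or fails on the type, depending on that method's signature. Extending the condition with `is_string($request['binurl']) && strlen($request['binurl']) % 2 === 0` makes the decode safe for any request value. The diff adds no `use` line for `Strings`, so the file presumably imports it already. A docblock stating that `binurl` takes precedence over `url` and that the returned string is request-controlled would help both callers.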

{{$connect}}

{{$desc nofilter}}
-
- + +
diff --git a/view/theme/frio/templates/widget/follow.tpl b/view/theme/frio/templates/widget/follow.tpl
index 9e96196459..2e679f9f5d 100644
--- a/view/theme/frio/templates/widget/follow.tpl
+++ b/view/theme/frio/templates/widget/follow.tpl
@@ -8,10 +8,10 @@

{{$connect}}

-
+ {{* The input field - For visual consistence we are using a search input field*}}