Merge pull request #14465 from annando/fix-follow

Fix the following of accounts with "?" in the URL
This commit is contained in:
Tobias Diekershoff 2024-10-16 06:20:04 +02:00 committed by GitHub
commit b9a5b1c48b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 27 additions and 13 deletions

View file

@ -78,7 +78,7 @@ class VCard
if (in_array($rel, [Contact::SHARING, Contact::FRIEND])) {
$unfollow_link = 'contact/unfollow?url=' . urlencode($contact_url) . '&auto=1';
} elseif (!$pending) {
$follow_link = 'contact/follow?url=' . urlencode($contact_url) . '&auto=1';
$follow_link = 'contact/follow?binurl=' . bin2hex($contact_url) . '&auto=1';
}
}

View file

@ -1225,7 +1225,7 @@ class Contact
if ($contact['uid'] && in_array($contact['rel'], [self::SHARING, self::FRIEND])) {
$unfollow_link = 'contact/unfollow?url=' . urlencode($contact['url']) . '&auto=1';
} elseif (!$contact['pending']) {
$follow_link = 'contact/follow?url=' . urlencode($contact['url']) . '&auto=1';
$follow_link = 'contact/follow?binurl=' . bin2hex($contact['url']) . '&auto=1';
}
}

View file

@ -325,7 +325,7 @@ class Profile
if ($visitor_is_following) {
$unfollow_link = $visitor_base_path . '/contact/unfollow?url=' . urlencode($profile_url) . '&auto=1';
} else {
$follow_link = $visitor_base_path . '/contact/follow?url=' . urlencode($profile_url) . '&auto=1';
$follow_link = $visitor_base_path . '/contact/follow?binurl=' . bin2hex($profile_url) . '&auto=1';
}
}

View file

@ -56,11 +56,15 @@ class Follow extends BaseModule
throw new ForbiddenException($this->t('Access denied.'));
}
if (isset($request['cancel']) || empty($request['url'])) {
$this->baseUrl->redirect('contact');
if (!empty($request['follow-url'])) {
$this->baseUrl->redirect('contact/follow?binurl=' . bin2hex($request['follow-url']));
}
$url = Probe::cleanURI($request['url']);
$url = $this->getUrl($request);
if (isset($request['cancel']) || empty($url)) {
$this->baseUrl->redirect('contact');
}
$this->process($url);
}
@ -77,7 +81,7 @@ class Follow extends BaseModule
$uid = $this->session->getLocalUserId();
// uri is used by the /authorize_interaction Mastodon route
$url = Probe::cleanURI(trim($request['uri'] ?? $request['url'] ?? ''));
$url = $this->getUrl($request);
// Issue 6874: Allow remote following from Peertube
if (strpos($url, 'acct:') === 0) {
@ -182,7 +186,7 @@ class Follow extends BaseModule
protected function process(string $url)
{
$returnPath = 'contact/follow?url=' . urlencode($url);
$returnPath = 'contact/follow?binurl=' . bin2hex($url);
$result = Contact::createFromProbeForUser($this->session->getLocalUserId(), $url);
@ -227,4 +231,14 @@ class Follow extends BaseModule
return;
}
}
private function getUrl(array $request): string
{
if (!empty($request['binurl']) && Strings::isHex($request['binurl'])) {
$url = hex2bin($request['binurl']);
} else {
$url = $request['url'] ?? '';
}
return Probe::cleanURI($url);
}
}

View file

@ -477,7 +477,7 @@ class Profile extends BaseModule
} else {
$contact_actions['follow'] = [
'label' => $this->t('Follow'),
'url' => 'contact/follow?url=' . urlencode($contact['url']) . '&auto=1',
'url' => 'contact/follow?binurl=' . bin2hex($contact['url']) . '&auto=1',
'title' => '',
'sel' => '',
'id' => 'follow',

View file

@ -8,8 +8,8 @@
<div id="follow-sidebar" class="widget">
<h3>{{$connect}}</h3>
<div id="connect-desc">{{$desc nofilter}}</div>
<form action="contact/follow" method="get">
<input id="side-follow-url" type="text" name="url" value="{{$value}}" size="24" placeholder="{{$hint}}" title="{{$hint}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow}}" />
<form action="contact/follow" method="post">
<input id="side-follow-url" type="text" name="follow-url" value="{{$value}}" size="24" placeholder="{{$hint}}" title="{{$hint}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow}}" />
</form>
</div>

View file

@ -8,10 +8,10 @@
<div id="follow-sidebar" class="widget">
<h3>{{$connect}}</h3>
<form action="contact/follow" method="get">
<form action="contact/follow" method="post">
{{* The input field - For visual consistence we are using a search input field*}}
<div class="form-group form-group-search">
<input id="side-follow-url" class="search-input form-control form-search" type="text" name="url" value="{{$value}}" placeholder="{{$hint}}" data-toggle="tooltip" title="{{$hint}}" />
<input id="side-follow-url" class="search-input form-control form-search" type="text" name="follow-url" value="{{$value}}" placeholder="{{$hint}}" data-toggle="tooltip" title="{{$hint}}" />
<button id="side-follow-submit" class="btn btn-default btn-sm form-button-search" type="submit">{{$follow}}</button>
</div>
</form>