Merge pull request #1635 from ArthurHoaro/feature/phpcs

[github/shaarli/Shaarli.git] / application / front / controller / visitor / ShaarliVisitorController.php

diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php
index cd27455bbf8d8810054e469fd564f89804c4c959..ae946c592240bcee977fce824b3073d368064ee6 100644 (file)
--- a/application/front/controller/visitor/ShaarliVisitorController.php
+++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -106,6 +106,7 @@ abstract class ShaarliVisitorController
             'target' => $template,
             'loggedin' => $this->container->loginManager->isLoggedIn(),
             'basePath' => $this->container->basePath,
+            'rootPath' => preg_replace('#/index\.php$#', '', $this->container->basePath),
             'bookmarkService' => $this->container->bookmarkService
         ];
     }
@@ -142,6 +143,14 @@ abstract class ShaarliVisitorController
 
         if (null !== $referer) {
             $currentUrl = parse_url($referer);
+            // If the referer is not related to Shaarli instance, redirect to default
+            if (
+                isset($currentUrl['host'])
+                && strpos(index_url($this->container->environment), $currentUrl['host']) === false
+            ) {
+                return $response->withRedirect($defaultPath);
+            }
+
             parse_str($currentUrl['query'] ?? '', $params);
             $path = $currentUrl['path'] ?? $defaultPath;
         } else {
@@ -165,7 +174,7 @@ abstract class ShaarliVisitorController
             }
         }
 
-        $queryString = count($params) > 0 ? '?'. http_build_query($params) : '';
+        $queryString = count($params) > 0 ? '?' . http_build_query($params) : '';
         $anchor = $anchor ? '#' . $anchor : '';
 
         return $response->withRedirect($path . $queryString . $anchor);