X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Ffront%2Fcontroller%2Fvisitor%2FShaarliVisitorController.php;h=d3f28f2f7e536ca859049a3b22010eb6b077724e;hb=ccd1862d5f6f2c0548473466aaff7ee99f9d67d2;hp=cd27455bbf8d8810054e469fd564f89804c4c959;hpb=6f199ee48906ca8cdc7d7f2cacbd4c57f474c879;p=github%2Fshaarli%2FShaarli.git

diff --git a/application/front/controller/visitor/ShaarliVisitorController.php b/application/front/controller/visitor/ShaarliVisitorController.php
index cd27455b..d3f28f2f 100644
--- a/application/front/controller/visitor/ShaarliVisitorController.php
+++ b/application/front/controller/visitor/ShaarliVisitorController.php
@@ -56,6 +56,10 @@ abstract class ShaarliVisitorController
 
     protected function render(string $template): string
     {
+        // Legacy key that used to be injected by PluginManager
+        $this->assignView('_PAGE_', $template);
+        $this->assignView('template', $template);
+
         $this->assignView('linkcount', $this->container->bookmarkService->count(BookmarkFilter::$ALL));
         $this->assignView('privateLinkcount', $this->container->bookmarkService->count(BookmarkFilter::$PRIVATE));
 
@@ -106,6 +110,7 @@ abstract class ShaarliVisitorController
             'target' => $template,
             'loggedin' => $this->container->loginManager->isLoggedIn(),
             'basePath' => $this->container->basePath,
+            'rootPath' => preg_replace('#/index\.php$#', '', $this->container->basePath),
             'bookmarkService' => $this->container->bookmarkService
         ];
     }
@@ -142,6 +147,14 @@ abstract class ShaarliVisitorController
 
         if (null !== $referer) {
             $currentUrl = parse_url($referer);
+            // If the referer is not related to Shaarli instance, redirect to default
+            if (
+                isset($currentUrl['host'])
+                && strpos(index_url($this->container->environment), $currentUrl['host']) === false
+            ) {
+                return $response->withRedirect($defaultPath);
+            }
+
             parse_str($currentUrl['query'] ?? '', $params);
             $path = $currentUrl['path'] ?? $defaultPath;
         } else {
@@ -165,7 +178,7 @@ abstract class ShaarliVisitorController
             }
         }
 
-        $queryString = count($params) > 0 ? '?'. http_build_query($params) : '';
+        $queryString = count($params) > 0 ? '?' . http_build_query($params) : '';
         $anchor = $anchor ? '#' . $anchor : '';
 
         return $response->withRedirect($path . $queryString . $anchor);