Merge pull request #257 from ArthurHoaro/tag-http-referer

Prevent redirection loop everytime we rely on HTTP_REFERER
author: VirtualTam <tamisier.aurelien@gmail.com> 2015-07-12 19:56:13 +0200
committer: VirtualTam <tamisier.aurelien@gmail.com> 2015-07-12 19:56:13 +0200
commit: 5b0ebbc5de06b8a0e9679b78b45d0dc755db7986 (patch)
tree: ed6a7f6c7ea02d0942d32c31637553976e978c5f /application/Utils.php
parent: 1dcbe29611a4ba4b4b2d37954105c1fc8da33496 (diff)
parent: 775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2 (diff)
download: Shaarli-5b0ebbc5de06b8a0e9679b78b45d0dc755db7986.tar.gz
Shaarli-5b0ebbc5de06b8a0e9679b78b45d0dc755db7986.tar.zst
Shaarli-5b0ebbc5de06b8a0e9679b78b45d0dc755db7986.zip
1 files changed, 33 insertions, 1 deletions
diff --git a/application/Utils.php b/application/Utils.php
index a1e97b35..658b97bc 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -84,4 +84,36 @@ function checkDateFormat($format, $string)
    $date = DateTime::createFromFormat($format, $string);
    return $date && $date->format($string) == $string;
 }
-?>
+/**
+ * Generate a header location from HTTP_REFERER.
+ * Make sure the referer is Shaarli itself and prevent redirection loop.
+ *
+ * @param string $referer - HTTP_REFERER.
+ * @param string $host - Server HOST.
+ * @param array $loopTerms - Contains list of term to prevent redirection loop.
+ *
+ * @return string $referer - final referer.
+ */
+function generateLocation($referer, $host, $loopTerms = array())
+{
+    $final_referer = '?';
+    // No referer if it contains any value in $loopCriteria.
+    foreach ($loopTerms as $value) {
+        if (strpos($referer, $value) !== false) {
+            return $final_referer;
+        }
+    }
+    // Remove port from HTTP_HOST
+    if ($pos = strpos($host, ':')) {
+        $host = substr($host, 0, $pos);
+    }
+    if (!empty($referer) && strpos(parse_url($referer, PHP_URL_HOST), $host) !== false) {
+        $final_referer = $referer;
+    }
+    return $final_referer;
+}
author	VirtualTam <tamisier.aurelien@gmail.com>	2015-07-12 19:56:13 +0200
committer	VirtualTam <tamisier.aurelien@gmail.com>	2015-07-12 19:56:13 +0200
commit	5b0ebbc5de06b8a0e9679b78b45d0dc755db7986 (patch)
tree	ed6a7f6c7ea02d0942d32c31637553976e978c5f /application/Utils.php
parent	1dcbe29611a4ba4b4b2d37954105c1fc8da33496 (diff)
parent	775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2 (diff)
download	Shaarli-5b0ebbc5de06b8a0e9679b78b45d0dc755db7986.tar.gz Shaarli-5b0ebbc5de06b8a0e9679b78b45d0dc755db7986.tar.zst Shaarli-5b0ebbc5de06b8a0e9679b78b45d0dc755db7986.zip

diff --git a/application/Utils.php b/application/Utils.php index a1e97b35..658b97bc 100644 --- a/application/Utils.php +++ b/application/Utils.php
@@ -84,4 +84,36 @@ function checkDateFormat($format, $string)
84	$date = DateTime::createFromFormat($format, $string);	84	$date = DateTime::createFromFormat($format, $string);
85	return $date && $date->format($string) == $string;	85	return $date && $date->format($string) == $string;
86	}	86	}
87	?>	87
		88	/**
		89	* Generate a header location from HTTP_REFERER.
		90	* Make sure the referer is Shaarli itself and prevent redirection loop.
		91	*
		92	* @param string $referer - HTTP_REFERER.
		93	* @param string $host - Server HOST.
		94	* @param array $loopTerms - Contains list of term to prevent redirection loop.
		95	*
		96	* @return string $referer - final referer.
		97	*/
		98	function generateLocation($referer, $host, $loopTerms = array())
		99	{
		100	$final_referer = '?';
		101
		102	// No referer if it contains any value in $loopCriteria.
		103	foreach ($loopTerms as $value) {
		104	if (strpos($referer, $value) !== false) {
		105	return $final_referer;
		106	}
		107	}
		108
		109	// Remove port from HTTP_HOST
		110	if ($pos = strpos($host, ':')) {
		111	$host = substr($host, 0, $pos);
		112	}
		113
		114	if (!empty($referer) && strpos(parse_url($referer, PHP_URL_HOST), $host) !== false) {
		115	$final_referer = $referer;
		116	}
		117
		118	return $final_referer;
		119	}