Prevent redirection loop everytime we rely on HTTP_REFERER:

* search tag * delete tag * pagination * display privates only * delete link * new/edit/cancel link return page Move location generation to Utils.php + unit tests. Fixes #256 ninja
author: ArthurHoaro <arthur@hoa.ro> 2015-07-06 10:22:00 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2015-07-12 17:43:13 +0200
commit: 775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2 (patch)
tree: 9a161fb97e69880f3ac8a034714418428937db6b /application
parent: 7f1dfd1c12a143b324fbe68213a49de0586febfa (diff)
download: Shaarli-775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2.tar.gz
Shaarli-775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2.tar.zst
Shaarli-775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2.zip
1 files changed, 33 insertions, 1 deletions
diff --git a/application/Utils.php b/application/Utils.php
index a1e97b35..658b97bc 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -84,4 +84,36 @@ function checkDateFormat($format, $string)
    $date = DateTime::createFromFormat($format, $string);
    return $date && $date->format($string) == $string;
 }
-?>
+/**
+ * Generate a header location from HTTP_REFERER.
+ * Make sure the referer is Shaarli itself and prevent redirection loop.
+ *
+ * @param string $referer - HTTP_REFERER.
+ * @param string $host - Server HOST.
+ * @param array $loopTerms - Contains list of term to prevent redirection loop.
+ *
+ * @return string $referer - final referer.
+ */
+function generateLocation($referer, $host, $loopTerms = array())
+{
+    $final_referer = '?';
+    // No referer if it contains any value in $loopCriteria.
+    foreach ($loopTerms as $value) {
+        if (strpos($referer, $value) !== false) {
+            return $final_referer;
+        }
+    }
+    // Remove port from HTTP_HOST
+    if ($pos = strpos($host, ':')) {
+        $host = substr($host, 0, $pos);
+    }
+    if (!empty($referer) && strpos(parse_url($referer, PHP_URL_HOST), $host) !== false) {
+        $final_referer = $referer;
+    }
+    return $final_referer;
+}
author	ArthurHoaro <arthur@hoa.ro>	2015-07-06 10:22:00 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2015-07-12 17:43:13 +0200
commit	775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2 (patch)
tree	9a161fb97e69880f3ac8a034714418428937db6b /application
parent	7f1dfd1c12a143b324fbe68213a49de0586febfa (diff)
download	Shaarli-775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2.tar.gz Shaarli-775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2.tar.zst Shaarli-775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2.zip

diff --git a/application/Utils.php b/application/Utils.php index a1e97b35..658b97bc 100644 --- a/application/Utils.php +++ b/application/Utils.php
@@ -84,4 +84,36 @@ function checkDateFormat($format, $string)
84	$date = DateTime::createFromFormat($format, $string);	84	$date = DateTime::createFromFormat($format, $string);
85	return $date && $date->format($string) == $string;	85	return $date && $date->format($string) == $string;
86	}	86	}
87	?>	87
		88	/**
		89	* Generate a header location from HTTP_REFERER.
		90	* Make sure the referer is Shaarli itself and prevent redirection loop.
		91	*
		92	* @param string $referer - HTTP_REFERER.
		93	* @param string $host - Server HOST.
		94	* @param array $loopTerms - Contains list of term to prevent redirection loop.
		95	*
		96	* @return string $referer - final referer.
		97	*/
		98	function generateLocation($referer, $host, $loopTerms = array())
		99	{
		100	$final_referer = '?';
		101
		102	// No referer if it contains any value in $loopCriteria.
		103	foreach ($loopTerms as $value) {
		104	if (strpos($referer, $value) !== false) {
		105	return $final_referer;
		106	}
		107	}
		108
		109	// Remove port from HTTP_HOST
		110	if ($pos = strpos($host, ':')) {
		111	$host = substr($host, 0, $pos);
		112	}
		113
		114	if (!empty($referer) && strpos(parse_url($referer, PHP_URL_HOST), $host) !== false) {
		115	$final_referer = $referer;
		116	}
		117
		118	return $final_referer;
		119	}