-rwxr-xr-xapplication/Utils.php11
-rwxr-xr-xindex.php10
-rwxr-xr-xtests/UtilsTest.php2
3 files changed, 15 insertions, 8 deletions
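diff --git a/application/Utils.php b/application/Utils.php
index 1422961d..120333c5 100755
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -97,12 +97,12 @@ function checkDateFormat($format, $string)
  */
 function generateLocation($referer, $host, $loopTerms = array())
 {
- $final_referer = '?';
+ $finalReferer = '?';
 
  // No referer if it contains any value in $loopCriteria.
  foreach ($loopTerms as $value) {
  if (strpos($referer, $value) !== false) {
- return $final_referer;
+ return $finalReferer;
  }
  }
 
@@ -111,11 +111,12 @@ function generateLocation($referer, $host, $loopTerms = array())
  $host = substr($host, 0, $pos);
  }
 
- if (!empty($referer) && strpos(parse_url($referer, PHP_URL_HOST), $host) !== false) {
- $final_referer = $referer;
+ $refererHost = parse_url($referer, PHP_URL_HOST);
+ if (!empty($referer) && (strpos($refererHost, $host) !== false || startsWith('?', $refererHost))) {
+ $finalReferer = $referer;
  }
 
- return $final_referer;
+ return $finalReferer;
 }
 
 /**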
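Review bot: In the new condition, `startsWith('?', $refererHost)` looks like it has its arguments reversed and tests the wrong value. For a relative referer such as `?localreferer#hash`, `parse_url($referer, PHP_URL_HOST)` yields no host, so the branch presumably passes only because the needle is empty, which would accept any host-less referer rather than only those beginning with `?`. The definition of startsWith() is not on this page, so this is inferred from its name. Because the result feeds `header('Location: ...')` in index.php, I would test the referer itself and compare hosts exactly, e.g. `if (!empty($referer) && (startsWith($referer, '?') || $refererHost === $host)) {`, since `strpos($refererHost, $host) !== false` also matches any host that merely contains the site's host name. The lines of generateLocation() between the two hunks are not shown, so confirm `$host` has its port stripped before switching to equality.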
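diff --git a/index.php b/index.php
index ea7bf4d1..7383348e 100755
--- a/index.php
+++ b/index.php
@@ -1439,10 +1439,14 @@ function renderPage()
  pubsubhub();
 
  // If we are called from the bookmarklet, we must close the popup:
- if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
- $returnurl = ( !empty($_POST['returnurl']) ? escape($_POST['returnurl']) : '?' );
- $returnurl .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
+ if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) {
+ echo '<script>self.close();</script>';
+ exit;
+ }
+
+ $returnurl = !empty($_POST['returnurl']) ? escape($_POST['returnurl']): '?';
  $location = generateLocation($returnurl, $_SERVER['HTTP_HOST'], array('addlink', 'post', 'edit_link'));
+ $location .= '#'.smallHash($_POST['lf_linkdate']); // Scroll to the link which has been edited.
  header('Location: '. $location); // After saving the link, redirect to the page the user was on.
  exit;
  }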
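Review bot: `escape($_POST['returnurl'])` is applied to a value that ends up in a `Location` header. If escape() is the HTML-escaping helper (its definition is not shown here), that is the wrong encoding for this context: it would turn `&` in a returned query string into `&amp;` and adds nothing to redirect safety, which rests entirely on generateLocation(). I would pass the posted value through unescaped, `$returnurl = !empty($_POST['returnurl']) ? $_POST['returnurl'] : '?';`, provided nothing later prints `$location` into HTML, and keep HTML escaping for places where the URL is rendered in a page. `$_POST['lf_linkdate']` is also read without an `isset` check on the new `$location .=` line. renderPage() starts and ends outside this hunk.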
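diff --git a/tests/UtilsTest.php b/tests/UtilsTest.php
index 7f218ad5..311d4bfb 100755
--- a/tests/UtilsTest.php
+++ b/tests/UtilsTest.php
@@ -118,6 +118,8 @@ class UtilsTest extends PHPUnit_Framework_TestCase
  $this->assertEquals($ref, generateLocation($ref, 'localhost'));
  $ref = 'http://localhost:8080/?test';
  $this->assertEquals($ref, generateLocation($ref, 'localhost:8080'));
+ $ref = '?localreferer#hash';
+ $this->assertEquals($ref, generateLocation($ref, 'localhost:8080'));
  }
 
  /**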
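Review bot: The added case only pins the accepted path, where a relative `?…` referer is returned unchanged. Nothing here asserts that a referer on another host, or a host-less value that does not start with `?`, falls back to `'?'`. Since generateLocation() decides the post-save redirect target, I would add rejecting cases next to it, for example (constructed sample) `$this->assertEquals('?', generateLocation('http://localhost.example.org/?test', 'localhost'));`. The test method begins above the hunk.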