From 775803a05cdba9d7fc1b37af4b15ecd80a8cbcc2 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Mon, 6 Jul 2015 10:22:00 +0200
Subject: Prevent redirection loop everytime we rely on HTTP_REFERER: * search tag * delete tag * pagination * display privates only * delete link * new/edit/cancel link return page Move location generation to Utils.php + unit tests. Fixes #256 ninja
---
 application/Utils.php | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
(limited to 'application/Utils.php')
diff --git a/application/Utils.php b/application/Utils.php
index a1e97b35..658b97bc 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -84,4 +84,36 @@ function checkDateFormat($format, $string)
 $date = DateTime::createFromFormat($format, $string);
 return $date && $date->format($string) == $string;
 }
-?>
+
+/**
+ * Generate a header location from HTTP_REFERER.
+ * Make sure the referer is Shaarli itself and prevent redirection loop.
+ *
+ * @param string $referer - HTTP_REFERER.
+ * @param string $host - Server HOST.
+ * @param array $loopTerms - Contains list of term to prevent redirection loop.
+ *
+ * @return string $referer - final referer.
+ */
+function generateLocation($referer, $host, $loopTerms = array())
+{
+ $final_referer = '?';
+
+ // No referer if it contains any value in $loopCriteria.
+ foreach ($loopTerms as $value) {
+ if (strpos($referer, $value) !== false) {
+ return $final_referer;
+ }
+ }
+
+ // Remove port from HTTP_HOST
+ if ($pos = strpos($host, ':')) {
+ $host = substr($host, 0, $pos);
+ }
+
+ if (!empty($referer) && strpos(parse_url($referer, PHP_URL_HOST), $host) !== false) {
+ $final_referer = $referer;
+ }
+
+ return $final_referer;
+}
-- cgit v1.2.3
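Review bot: The final check in `generateLocation()` accepts the referer whenever its host merely contains `$host` (`strpos(parse_url($referer, PHP_URL_HOST), $host) !== false`), so a referer on a different host whose name embeds the server name passes and is returned as the redirect target. That leaves an open-redirect gap in the check the docblock describes as making sure the referer is Shaarli itself. Unless partial matches are intended, compare the hosts exactly (case-insensitively if needed): `if (!empty($referer) && parse_url($referer, PHP_URL_HOST) === $host) {`, which also handles `parse_url()` returning `null` or `false` for a referer with no usable host. The port stripping above cuts at the first `:`, so a bracketed IPv6 host would be truncated; if that deployment is out of scope, a short comment saying so would help. The inline comment also names `$loopCriteria` while the parameter is `$loopTerms`.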