From 5fbabbb9be44711837a1be595c069381574aa84b Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Wed, 29 Jul 2015 15:32:41 +0200
Subject: [PATCH] Fixes #299: prevent 404 on '?edit_link' while logged out

- add a use case for edit_link in logged out part.
- *really* prevent loops on login screen.
---
 index.php | 43 ++++++++++++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 7 deletions(-)
 mode change 100644 => 100755 index.php

diff --git a/index.php b/index.php
old mode 100644
new mode 100755
index e3b612c8..2c731e9f
--- a/index.php
+++ b/index.php
@@ -445,12 +445,30 @@ function ban_canLogin()
 session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
 session_regenerate_id(true);
 }
+
 // Optional redirect after login:
- if (isset($_GET['post'])) { header('Location: ?post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):'')); exit; }
- if (isset($_POST['returnurl']))
- {
- if (endsWith($_POST['returnurl'],'?do=login')) { header('Location: ?'); exit; } // Prevent loops over login screen.
- header('Location: '.$_POST['returnurl']); exit;
+ if (isset($_GET['post'])) {
+ $uri = '?post='. urlencode($_GET['post']);
+ foreach (array('description', 'source', 'title') as $param) {
+ if (!empty($_GET[$param])) {
+ $uri .= '&'.$param.'='.urlencode($_GET[$param]);
+ }
+ }
+ header('Location: '. $uri);
+ exit;
+ }
+
+ if (isset($_GET['edit_link'])) {
+ header('Location: ?edit_link='. escape($_GET['edit_link']));
+ exit;
+ }
+
+ if (isset($_POST['returnurl'])) {
+ // Prevent loops over login screen.
+ if (strpos($_POST['returnurl'], 'do=login') === false) {
+ header('Location: '. escape($_POST['returnurl']));
+ exit;
+ }
 }
 header('Location: ?'); exit;
 }
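Review bot: The `returnurl` branch still redirects to whatever the POST body supplies: `header('Location: '. escape($_POST['returnurl']));` only skips values containing `do=login`, and nothing checks that the target stays on this site, so an externally supplied value can send a freshly authenticated user to an arbitrary host. `escape()` is defined outside this hunk; if it is an HTML-escaping helper, it does not constrain the destination and will also turn `&` in a legitimate return URL into `&amp;`. I would validate the target before using it, e.g. accept it only when it is relative or when `parse_url($_POST['returnurl'], PHP_URL_HOST)` equals the host this instance is served from, and otherwise fall through to the existing `header('Location: ?');`. The enclosing login block starts above the hunk, so how `returnurl` is populated cannot be confirmed from here.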
@@ -458,7 +476,14 @@ function ban_canLogin() { ban_loginFailed(); $redir = ''; - if (isset($_GET['post'])) { $redir = '&post='.urlencode($_GET['post']).(!empty($_GET['title'])?'&title='.urlencode($_GET['title']):'').(!empty($_GET['description'])?'&description='.urlencode($_GET['description']):'').(!empty($_GET['source'])?'&source='.urlencode($_GET['source']):''); } + if (isset($_GET['post'])) { + $redir = '?post=' . urlencode($_GET['post']); + foreach (array('description', 'source', 'title') as $param) { + if (!empty($_GET[$param])) { + $redir .= '&' . $param . '=' . urlencode($_GET[$param]); + } + } + } echo ''; // Redirect to login screen. exit; } @@ -1219,6 +1244,11 @@ function renderPage() exit; } + if (isset($_GET['edit_link'])) { + header('Location: ?do=login&edit_link='. escape($_GET['edit_link'])); + exit; + } + $PAGE = new pageBuilder; buildLinkList($PAGE,$LINKSDB); // Compute list of links to display $PAGE->renderPage('linklist'); @@ -1488,7 +1518,6 @@ function renderPage() { $url=$_GET['post']; - // We remove the annoying parameters added by FeedBurner, GoogleFeedProxy, Facebook... $annoyingpatterns = array('/[\?&]utm_source=[^&]*/', '/[\?&]utm_campaign=[^&]*/',
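Review bot: In the failed-login hunk (`@@ -458,7 +476,14 @@`) the rewritten `$redir` now starts with `?post=`, where the removed line built `&post=`. The `echo` that consumes `$redir` is not readable on this page, but its comment says it redirects to the login screen. If it appends `$redir` to a URL that already carries a query string, the result contains two `?` and the `post` parameter is no longer parsed as intended. Unless the consumer was changed as well, keep the original separator: `$redir = '&post=' . urlencode($_GET['post']);`.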
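Review bot: In the `renderPage()` hunk (`@@ -1219,6 +1244,11 @@`) the new redirect encodes a query-string value with `escape($_GET['edit_link'])`, while the `post` redirects in this same commit use `urlencode()`; the `?edit_link=` redirect added in the first hunk has the same problem. `escape()` is defined outside the diff; assuming it HTML-escapes, it is the wrong encoding for a `Location` header, because `&`, `#`, `+` or spaces in the value are not percent-encoded, so the parameter can be truncated or extra parameters appended. Use `header('Location: ?do=login&edit_link='. urlencode($_GET['edit_link']));` here and `header('Location: ?edit_link='. urlencode($_GET['edit_link']));` in the post-login branch. A comment such as `// Logged out: send the user through login, then back to the edit form.` would explain why this check sits in the logged-out path; the rest of `renderPage()` lies outside the hunk.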