From 9f32f8115dc3c340cf4e9890aec51f24b886701f Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Fri, 15 Nov 2019 13:56:00 +0100 Subject: [PATCH] fixing proxy url --- redirect.php | 151 +++++++++++++++++++++++++-------------------------- 1 file changed, 74 insertions(+), 77 deletions(-) diff --git a/redirect.php b/redirect.php index b4db6c7f0b..e6cda9cd12 100644 --- a/redirect.php +++ b/redirect.php @@ -1,95 +1,92 @@ * - * doing and adding to cvs: Lars Kneschke * - * http://www.egroupware.org * - * -------------------------------------------- * - * This program is free software; you can redistribute it and/or modify it * - * under the terms of the GNU General Public License as published by the * - * Free Software Foundation; either version 2 of the License, or (at your * - * option) any later version. * - \**************************************************************************/ +/** + * EGroupware save redirect script + * + * idea by: Jason Wies + * doing and adding to cvs: Lars Kneschke + * + * @link http://www.egroupware.org + * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License + */ - /* $Id$ */ +use EGroupware\Api; - /* - Use this script when you want to link to a external url. - This way you don't send something like sessionid as referer +/* + Use this script when you want to link to a external url. + This way you don't send something like sessionid as referer - Use this in your app: + Use this in your app: - "' - */ + "' +*/ - if(!function_exists('html_entity_decode')) +if(!function_exists('html_entity_decode')) +{ + function html_entity_decode($given_html, $quote_style = ENT_QUOTES) { - function html_entity_decode($given_html, $quote_style = ENT_QUOTES) + $trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style)); + $trans_table['''] = "'"; + return(strtr($given_html, $trans_table)); + } +} + +/* Only allow redirects with a valid session */ +$GLOBALS['egw_info'] = array( + 'flags' => array( + 'noheader' => True, + 'nonavbar' => True, + 'currentapp' => 'home' + ) +); +include('./header.inc.php'); + + +/* Only allow redirects from inside this eGroupware installation. */ +$valid_referer = array(); +$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/'; +array_push($valid_referer, $path); +array_push($valid_referer, Api\Header\Http::schema() . '//' . $_SERVER['SERVER_ADDR'] . $path); +array_push($valid_referer, Api\Framework::getUrl($path)); + +$referrer = trim($_SERVER['HTTP_REFERER']); +if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer))) +{ + echo "Only usable from within eGroupware.\n"; +} +else if($_GET['go']) +{ + $allow = false; + foreach ($valid_referer as $urlRoot) + { + /* Check if the referrer begins with a valid URL. */ + if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0) { - $trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style)); - $trans_table['''] = "'"; - return(strtr($given_html, $trans_table)); + $allow = true; + break; } } - - /* Only allow redirects with a valid session */ - $GLOBALS['egw_info'] = array( - 'flags' => array( - 'noheader' => True, - 'nonavbar' => True, - 'currentapp' => 'home' - ) - ); - include('./header.inc.php'); - - - /* Only allow redirects from inside this eGroupware installation. */ - $valid_referer = array(); - $path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/'; - array_push($valid_referer, $path); - array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_ADDR'] . $path); - array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . $path); - - $referrer = trim($_SERVER['HTTP_REFERER']); - if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer))) + if ($allow) { - echo "Only usable from within eGroupware.\n"; - } - else if($_GET['go']) - { - $allow = false; - foreach ($valid_referer as $urlRoot) + $url= html_entity_decode(urldecode($_GET['go'])); + unset($_GET['go']); + /* Only add "&" if there is something to append. */ + if (!empty($_GET)) { - /* Check if the referrer begins with a valid URL. */ - if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0) - { - $allow = true; - break; - } + $url=$url."&".http_build_query($_GET); } - if ($allow) - { - $url= html_entity_decode(urldecode($_GET['go'])); - unset($_GET['go']); - /* Only add "&" if there is something to append. */ - if (!empty($_GET)) - { - $url=$url."&".http_build_query($_GET); - } - Header('Location: ' . html_entity_decode(urldecode($url))); - exit; - } - else - { - echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n"; - echo "
";
-			print_r($valid_referer);
-			echo "
\n";
-		}
+		Header('Location: ' . html_entity_decode(urldecode($url)));
+		exit;
 	}
 	else
 	{
-		echo "Error redirecting.";
+		echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";
+		echo "
";
+		print_r($valid_referer);
+		echo "
\n";
 	}
-?>
+}
+else
+{
+	echo "Error redirecting.";
+}