egroupware_official/redirect.php

<?php
	/**************************************************************************\
	* eGroupWare - save redirect script                                        *
	* idea by: Jason Wies <jason@xc.net>                                       *
	* doing and adding to cvs: Lars Kneschke <lkneschke@linux-at-work.de>      *
	* http://www.egroupware.org                                                *
	* --------------------------------------------                             *
	*  This program is free software; you can redistribute it and/or modify it *
	*  under the terms of the GNU General Public License as published by the   *
	*  Free Software Foundation; either version 2 of the License, or (at your  *
	*  option) any later version.                                              *
	\**************************************************************************/

	/* $Id$ */

	/*
	  Use this script when you want to link to a external url.
	  This way you don't send something like sessionid as referer

	  Use this in your app:

	  "<a href=\"$webserverURL/redirect.php?go=".htmlentities(urlencode('http://www.egroupware.org')).'">'
	*/

	if(!function_exists('html_entity_decode'))
	{
		function html_entity_decode($given_html, $quote_style = ENT_QUOTES)
		{
			$trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style));
			$trans_table['&#39;'] = "'";
			return(strtr($given_html, $trans_table));
		}
	}

	/* Only allow redirects with a valid session */
	$GLOBALS['egw_info'] = array(
		'flags' => array(
			'noheader'   => True,
			'nonavbar'   => True,
			'currentapp' => 'home'
		)
	);
	include('./header.inc.php');


	/* Only allow redirects from inside this eGroupware installation. */
	$valid_referer = array();
	$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/';
	array_push($valid_referer, $path);
	array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_ADDR'] . $path);
	array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . $path);

	$referrer = trim($_SERVER['HTTP_REFERER']);
	if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer)))
	{
		echo "Only usable from within eGroupware.\n";
	}
	else if($_GET['go'])
	{
		$allow = false;
		foreach ($valid_referer as $urlRoot)
		{
			/* Check if the referrer begins with a valid URL. */
			if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0)
			{
				$allow = true;
				break;
			}
		}
		if ($allow)
		{
			$url= html_entity_decode(urldecode($_GET['go']));
			unset($_GET['go']);
			/* Only add "&" if there is something to append. */
			if (!empty($_GET))
			{
				$url=$url."&".http_build_query($_GET);
			}

			Header('Location: ' . html_entity_decode(urldecode($url)));
			exit;
		}
		else
		{
			echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";
			echo "<pre>";
			print_r($valid_referer);
			echo "<pre>\n";
		}
	}
	else
	{
		echo "Error redirecting.";
	}
?>
we can use this file, to hide the refferer to external websites use it like this: /phpgroupware/index.php?go=http%3A%2F%2Fexternal.host.com need still some tweaking :) 2001-12-31 13:44:47 +01:00			`<?php`
			`/**************************************************************************\`
Spellcheck 2003-12-31 14:18:12 +01:00			`* eGroupWare - save redirect script *`
we can use this file, to hide the refferer to external websites use it like this: /phpgroupware/index.php?go=http%3A%2F%2Fexternal.host.com need still some tweaking :) 2001-12-31 13:44:47 +01:00			`* idea by: Jason Wies <jason@xc.net> *`
			`* doing and adding to cvs: Lars Kneschke <lkneschke@linux-at-work.de> *`
Spellcheck 2003-12-31 14:18:12 +01:00			`* http://www.egroupware.org *`
we can use this file, to hide the refferer to external websites use it like this: /phpgroupware/index.php?go=http%3A%2F%2Fexternal.host.com need still some tweaking :) 2001-12-31 13:44:47 +01:00			`* -------------------------------------------- *`
			`* This program is free software; you can redistribute it and/or modify it *`
			`* under the terms of the GNU General Public License as published by the *`
			`* Free Software Foundation; either version 2 of the License, or (at your *`
			`* option) any later version. *`
			`\**************************************************************************/`
From tracker 2276: Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required. 2010-04-13 21:27:54 +02:00
we can use this file, to hide the refferer to external websites use it like this: /phpgroupware/index.php?go=http%3A%2F%2Fexternal.host.com need still some tweaking :) 2001-12-31 13:44:47 +01:00			`/* $Id$ */`

updated documentation and make it working correctly 2003-09-11 07:35:51 +02:00			`/*`
			`Use this script when you want to link to a external url.`
Spellcheck 2003-12-31 14:18:12 +01:00			`This way you don't send something like sessionid as referer`
From tracker 2276: Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required. 2010-04-13 21:27:54 +02:00
updated documentation and make it working correctly 2003-09-11 07:35:51 +02:00			`Use this in your app:`
From tracker 2276: Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required. 2010-04-13 21:27:54 +02:00
updated documentation and make it working correctly 2003-09-11 07:35:51 +02:00			`"<a href=\"$webserverURL/redirect.php?go=".htmlentities(urlencode('http://www.egroupware.org')).'">'`
			`*/`

Add function from php.net manual page for php < 4.3.0 2004-01-10 20:19:53 +01:00			`if(!function_exists('html_entity_decode'))`
			`{`
			`function html_entity_decode($given_html, $quote_style = ENT_QUOTES)`
			`{`
			`$trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style));`
			`$trans_table['''] = "'";`
			`return(strtr($given_html, $trans_table));`
			`}`
			`}`

From tracker 2276: Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required. 2010-04-13 21:27:54 +02:00			`/* Only allow redirects with a valid session */`
			`$GLOBALS['egw_info'] = array(`
			`'flags' => array(`
			`'noheader' => True,`
			`'nonavbar' => True,`
			`'currentapp' => 'home'`
			`)`
			`);`
			`include('./header.inc.php');`


			`/* Only allow redirects from inside this eGroupware installation. */`
			`$valid_referer = array();`
			`$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/';`
			`array_push($valid_referer, $path);`
			`array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_ADDR'] . $path);`
			`array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . $path);`

			`$referrer = trim($_SERVER['HTTP_REFERER']);`
			`if ((!isset($_SERVER['HTTP_REFERER'])) \|\| (empty($referrer)))`
			`{`
			`echo "Only usable from within eGroupware.\n";`
			`}`
			`else if($_GET['go'])`
we can use this file, to hide the refferer to external websites use it like this: /phpgroupware/index.php?go=http%3A%2F%2Fexternal.host.com need still some tweaking :) 2001-12-31 13:44:47 +01:00			`{`
From tracker 2276: Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required. 2010-04-13 21:27:54 +02:00			`$allow = false;`
			`foreach ($valid_referer as $urlRoot)`
			`{`
			`/* Check if the referrer begins with a valid URL. */`
			`if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0)`
			`{`
			`$allow = true;`
			`break;`
			`}`
			`}`
			`if ($allow)`
			`{`
			`$url= html_entity_decode(urldecode($_GET['go']));`
			`unset($_GET['go']);`
			`/* Only add "&" if there is something to append. */`
			`if (!empty($_GET))`
			`{`
			`$url=$url."&".http_build_query($_GET);`
			`}`
redirection via go, by rebuilding the query string; suggested by zorg; seems to work without sideeffects in my enviroment; please give feedback to the '[eGroupWare-developers] bug with notification,felamimail and redirect' entry 2009-06-19 10:28:03 +02:00
From tracker 2276: Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required. 2010-04-13 21:27:54 +02:00			`Header('Location: ' . html_entity_decode(urldecode($url)));`
			`exit;`
			`}`
			`else`
			`{`
			`echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";`
			`echo "<pre>";`
			`print_r($valid_referer);`
			`echo "<pre>\n";`
			`}`
we can use this file, to hide the refferer to external websites use it like this: /phpgroupware/index.php?go=http%3A%2F%2Fexternal.host.com need still some tweaking :) 2001-12-31 13:44:47 +01:00			`}`
			`else`
			`{`
From tracker 2276: Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required. 2010-04-13 21:27:54 +02:00			`echo "Error redirecting.";`
we can use this file, to hide the refferer to external websites use it like this: /phpgroupware/index.php?go=http%3A%2F%2Fexternal.host.com need still some tweaking :) 2001-12-31 13:44:47 +01:00			`}`
Spellcheck 2003-12-31 14:18:12 +01:00			`?>`