mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-07 08:34:29 +01:00
fixing proxy url
This commit is contained in:
parent
7cd4169768
commit
9f32f8115d
151
redirect.php
151
redirect.php
@ -1,95 +1,92 @@
|
|||||||
<?php
|
<?php
|
||||||
/**************************************************************************\
|
/**
|
||||||
* eGroupWare - save redirect script *
|
* EGroupware save redirect script
|
||||||
* idea by: Jason Wies <jason@xc.net> *
|
*
|
||||||
* doing and adding to cvs: Lars Kneschke <lkneschke@linux-at-work.de> *
|
* idea by: Jason Wies
|
||||||
* http://www.egroupware.org *
|
* doing and adding to cvs: Lars Kneschke
|
||||||
* -------------------------------------------- *
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it *
|
* @link http://www.egroupware.org
|
||||||
* under the terms of the GNU General Public License as published by the *
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||||
* Free Software Foundation; either version 2 of the License, or (at your *
|
*/
|
||||||
* option) any later version. *
|
|
||||||
\**************************************************************************/
|
|
||||||
|
|
||||||
/* $Id$ */
|
use EGroupware\Api;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Use this script when you want to link to a external url.
|
Use this script when you want to link to a external url.
|
||||||
This way you don't send something like sessionid as referer
|
This way you don't send something like sessionid as referer
|
||||||
|
|
||||||
Use this in your app:
|
Use this in your app:
|
||||||
|
|
||||||
"<a href=\"$webserverURL/redirect.php?go=".htmlentities(urlencode('http://www.egroupware.org')).'">'
|
"<a href=\"$webserverURL/redirect.php?go=".htmlentities(urlencode('http://www.egroupware.org')).'">'
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if(!function_exists('html_entity_decode'))
|
if(!function_exists('html_entity_decode'))
|
||||||
|
{
|
||||||
|
function html_entity_decode($given_html, $quote_style = ENT_QUOTES)
|
||||||
{
|
{
|
||||||
function html_entity_decode($given_html, $quote_style = ENT_QUOTES)
|
$trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style));
|
||||||
|
$trans_table['''] = "'";
|
||||||
|
return(strtr($given_html, $trans_table));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Only allow redirects with a valid session */
|
||||||
|
$GLOBALS['egw_info'] = array(
|
||||||
|
'flags' => array(
|
||||||
|
'noheader' => True,
|
||||||
|
'nonavbar' => True,
|
||||||
|
'currentapp' => 'home'
|
||||||
|
)
|
||||||
|
);
|
||||||
|
include('./header.inc.php');
|
||||||
|
|
||||||
|
|
||||||
|
/* Only allow redirects from inside this eGroupware installation. */
|
||||||
|
$valid_referer = array();
|
||||||
|
$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/';
|
||||||
|
array_push($valid_referer, $path);
|
||||||
|
array_push($valid_referer, Api\Header\Http::schema() . '//' . $_SERVER['SERVER_ADDR'] . $path);
|
||||||
|
array_push($valid_referer, Api\Framework::getUrl($path));
|
||||||
|
|
||||||
|
$referrer = trim($_SERVER['HTTP_REFERER']);
|
||||||
|
if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer)))
|
||||||
|
{
|
||||||
|
echo "Only usable from within eGroupware.\n";
|
||||||
|
}
|
||||||
|
else if($_GET['go'])
|
||||||
|
{
|
||||||
|
$allow = false;
|
||||||
|
foreach ($valid_referer as $urlRoot)
|
||||||
|
{
|
||||||
|
/* Check if the referrer begins with a valid URL. */
|
||||||
|
if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0)
|
||||||
{
|
{
|
||||||
$trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style));
|
$allow = true;
|
||||||
$trans_table['''] = "'";
|
break;
|
||||||
return(strtr($given_html, $trans_table));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if ($allow)
|
||||||
/* Only allow redirects with a valid session */
|
|
||||||
$GLOBALS['egw_info'] = array(
|
|
||||||
'flags' => array(
|
|
||||||
'noheader' => True,
|
|
||||||
'nonavbar' => True,
|
|
||||||
'currentapp' => 'home'
|
|
||||||
)
|
|
||||||
);
|
|
||||||
include('./header.inc.php');
|
|
||||||
|
|
||||||
|
|
||||||
/* Only allow redirects from inside this eGroupware installation. */
|
|
||||||
$valid_referer = array();
|
|
||||||
$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/';
|
|
||||||
array_push($valid_referer, $path);
|
|
||||||
array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_ADDR'] . $path);
|
|
||||||
array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . $path);
|
|
||||||
|
|
||||||
$referrer = trim($_SERVER['HTTP_REFERER']);
|
|
||||||
if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer)))
|
|
||||||
{
|
{
|
||||||
echo "Only usable from within eGroupware.\n";
|
$url= html_entity_decode(urldecode($_GET['go']));
|
||||||
}
|
unset($_GET['go']);
|
||||||
else if($_GET['go'])
|
/* Only add "&" if there is something to append. */
|
||||||
{
|
if (!empty($_GET))
|
||||||
$allow = false;
|
|
||||||
foreach ($valid_referer as $urlRoot)
|
|
||||||
{
|
{
|
||||||
/* Check if the referrer begins with a valid URL. */
|
$url=$url."&".http_build_query($_GET);
|
||||||
if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0)
|
|
||||||
{
|
|
||||||
$allow = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if ($allow)
|
|
||||||
{
|
|
||||||
$url= html_entity_decode(urldecode($_GET['go']));
|
|
||||||
unset($_GET['go']);
|
|
||||||
/* Only add "&" if there is something to append. */
|
|
||||||
if (!empty($_GET))
|
|
||||||
{
|
|
||||||
$url=$url."&".http_build_query($_GET);
|
|
||||||
}
|
|
||||||
|
|
||||||
Header('Location: ' . html_entity_decode(urldecode($url)));
|
Header('Location: ' . html_entity_decode(urldecode($url)));
|
||||||
exit;
|
exit;
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";
|
|
||||||
echo "<pre>";
|
|
||||||
print_r($valid_referer);
|
|
||||||
echo "<pre>\n";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
echo "Error redirecting.";
|
echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";
|
||||||
|
echo "<pre>";
|
||||||
|
print_r($valid_referer);
|
||||||
|
echo "<pre>\n";
|
||||||
}
|
}
|
||||||
?>
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
echo "Error redirecting.";
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user