* sanitize: never rewrite relative links to our own prefix
* use Config::get_self_url() instead of get_self_url_prefix() in a bunch of places
This commit is contained in:
Andrew Dolgov
parent
6f835ded78
commit
70adfd4a74
|
|
@ -273,7 +273,7 @@ class DiskCache {
|
|||
}
|
||||
|
||||
public function get_url($filename) {
|
||||
return get_self_url_prefix() . "/public.php?op=cached&file=" . basename($this->dir) . "/" . basename($filename);
|
||||
return Config::get_self_url() . "/public.php?op=cached&file=" . basename($this->dir) . "/" . basename($filename);
|
||||
}
|
||||
|
||||
// check for locally cached (media) URLs and rewrite to local versions
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ class Handler_Public extends Handler {
|
|||
$feed_site_url = $qfh_ret[2];
|
||||
/* $last_error = $qfh_ret[3]; */
|
||||
|
||||
$feed_self_url = get_self_url_prefix() .
|
||||
$feed_self_url = Config::get_self_url() .
|
||||
"/public.php?op=rss&id=$feed&key=" .
|
||||
Feeds::_get_access_key($feed, false, $owner_uid);
|
||||
|
||||
|
|
@ -177,10 +177,8 @@ class Handler_Public extends Handler {
|
|||
|
||||
$feed['title'] = $feed_title;
|
||||
$feed['feed_url'] = $feed_self_url;
|
||||
|
||||
$feed['self_url'] = get_self_url_prefix();
|
||||
|
||||
$feed['articles'] = array();
|
||||
$feed['self_url'] = Config::get_self_url();
|
||||
$feed['articles'] = [];
|
||||
|
||||
while ($line = $result->fetch()) {
|
||||
|
||||
|
|
@ -403,7 +401,7 @@ class Handler_Public extends Handler {
|
|||
if ($_REQUEST['return'] && mb_strpos($return, Config::get(Config::SELF_URL_PATH)) === 0) {
|
||||
header("Location: " . clean($_REQUEST['return']));
|
||||
} else {
|
||||
header("Location: " . get_self_url_prefix());
|
||||
header("Location: " . Config::get_self_url());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -780,7 +778,7 @@ class Handler_Public extends Handler {
|
|||
|
||||
$timestamp = date("Y-m-d", strtotime($timestamp));
|
||||
|
||||
return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
|
||||
return "tag:" . parse_url(Config::get_self_url(), PHP_URL_HOST) . ",$timestamp:/$id";
|
||||
}
|
||||
|
||||
// this should be used very carefully because this endpoint is exposed to unauthenticated users
|
||||
|
|
|
|||
|
|
@ -635,7 +635,7 @@ class OPML extends Handler_Protected {
|
|||
}
|
||||
|
||||
static function get_publish_url(){
|
||||
return get_self_url_prefix() .
|
||||
return Config::get_self_url() .
|
||||
"/public.php?op=publishOpml&key=" .
|
||||
Feeds::_get_access_key('OPML:Publish', false, $_SESSION["uid"]);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -609,7 +609,7 @@ class PluginHost {
|
|||
|
||||
// handled by classes/pluginhandler.php, requires valid session
|
||||
function get_method_url(Plugin $sender, string $method, $params = []) {
|
||||
return get_self_url_prefix() . "/backend.php?" .
|
||||
return Config::get_self_url() . "/backend.php?" .
|
||||
http_build_query(
|
||||
array_merge(
|
||||
[
|
||||
|
|
@ -622,7 +622,7 @@ class PluginHost {
|
|||
|
||||
// shortcut syntax (disabled for now)
|
||||
/* function get_method_url(Plugin $sender, string $method, $params) {
|
||||
return get_self_url_prefix() . "/backend.php?" .
|
||||
return Config::get_self_url() . "/backend.php?" .
|
||||
http_build_query(
|
||||
array_merge(
|
||||
[
|
||||
|
|
@ -634,7 +634,7 @@ class PluginHost {
|
|||
// WARNING: endpoint in public.php, exposed to unauthenticated users
|
||||
function get_public_method_url(Plugin $sender, string $method, $params = []) {
|
||||
if ($sender->is_public_method($method)) {
|
||||
return get_self_url_prefix() . "/public.php?" .
|
||||
return Config::get_self_url() . "/public.php?" .
|
||||
http_build_query(
|
||||
array_merge(
|
||||
[
|
||||
|
|
|
|||
|
|
@ -1278,7 +1278,7 @@ class Pref_Feeds extends Handler_Protected {
|
|||
$is_cat = clean($_REQUEST['is_cat']) == "true";
|
||||
$search = clean($_REQUEST['search']);
|
||||
|
||||
$link = get_self_url_prefix() . "/public.php?" . http_build_query([
|
||||
$link = Config::get_self_url() . "/public.php?" . http_build_query([
|
||||
'op' => 'rss',
|
||||
'id' => $feed_id,
|
||||
'is_cat' => (int)$is_cat,
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ class RPC extends Handler_Protected {
|
|||
$error_params = [];
|
||||
|
||||
$client_scheme = parse_url($client_location, PHP_URL_SCHEME);
|
||||
$server_scheme = parse_url(get_self_url_prefix(), PHP_URL_SCHEME);
|
||||
$server_scheme = parse_url(Config::get_self_url(), PHP_URL_SCHEME);
|
||||
|
||||
if (get_schema_version() != SCHEMA_VERSION) {
|
||||
$error = Errors::E_SCHEMA_MISMATCH;
|
||||
|
|
@ -183,7 +183,7 @@ class RPC extends Handler_Protected {
|
|||
$error = Errors::E_URL_SCHEME_MISMATCH;
|
||||
$error_params["client_scheme"] = $client_scheme;
|
||||
$error_params["server_scheme"] = $server_scheme;
|
||||
$error_params["self_url_path"] = get_self_url_prefix();
|
||||
$error_params["self_url_path"] = Config::get_self_url();
|
||||
}
|
||||
|
||||
if ($error == Errors::E_SUCCESS) {
|
||||
|
|
@ -463,7 +463,7 @@ class RPC extends Handler_Protected {
|
|||
$max_feed_id = $row["mid"];
|
||||
$num_feeds = $row["nf"];
|
||||
|
||||
$params["self_url_prefix"] = get_self_url_prefix();
|
||||
$params["self_url_prefix"] = Config::get_self_url();
|
||||
$params["max_feed_id"] = (int) $max_feed_id;
|
||||
$params["num_feeds"] = (int) $num_feeds;
|
||||
$params["hotkeys"] = $this->get_hotkeys_map();
|
||||
|
|
|
|||
|
|
@ -64,7 +64,9 @@ class Sanitizer {
|
|||
$doc->loadHTML('<?xml encoding="UTF-8">' . $res);
|
||||
$xpath = new DOMXPath($doc);
|
||||
|
||||
$rewrite_base_url = $site_url ? $site_url : get_self_url_prefix();
|
||||
// is it a good idea to possibly rewrite urls to our own prefix?
|
||||
// $rewrite_base_url = $site_url ? $site_url : Config::get_self_url();
|
||||
$rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/";
|
||||
|
||||
$entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])');
|
||||
|
||||
|
|
|
|||
|
|
@ -217,7 +217,7 @@
|
|||
}
|
||||
|
||||
// this returns Config::SELF_URL_PATH sans ending slash
|
||||
/** function is @deprecated */
|
||||
/** function is @deprecated by Config::get_self_url() */
|
||||
function get_self_url_prefix() {
|
||||
return Config::get_self_url();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -146,7 +146,7 @@ class Bookmarklets extends Plugin {
|
|||
|
||||
if ($feed_id) {
|
||||
?>
|
||||
<form method='GET' action="<?= htmlspecialchars(get_self_url_prefix() . "/prefs.php") ?>">
|
||||
<form method='GET' action="<?= htmlspecialchars(Config::get_self_url() . "/prefs.php") ?>">
|
||||
<input type='hidden' name='tab' value='feeds'>
|
||||
<input type='hidden' name='method' value='editfeed'>
|
||||
<input type='hidden' name='methodparam' value="<?= $feed_id ?>">
|
||||
|
|
|
|||
Loading…
Reference in New Issue