* sanitize: never rewrite relative links to our own prefix
* use Config::get_self_url() instead of get_self_url_prefix() in a bunch of places
parent
6f835ded78
commit
70adfd4a74
|
@ -273,7 +273,7 @@ class DiskCache {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function get_url($filename) {
|
public function get_url($filename) {
|
||||||
return get_self_url_prefix() . "/public.php?op=cached&file=" . basename($this->dir) . "/" . basename($filename);
|
return Config::get_self_url() . "/public.php?op=cached&file=" . basename($this->dir) . "/" . basename($filename);
|
||||||
}
|
}
|
||||||
|
|
||||||
// check for locally cached (media) URLs and rewrite to local versions
|
// check for locally cached (media) URLs and rewrite to local versions
|
||||||
|
|
|
@ -64,7 +64,7 @@ class Handler_Public extends Handler {
|
||||||
$feed_site_url = $qfh_ret[2];
|
$feed_site_url = $qfh_ret[2];
|
||||||
/* $last_error = $qfh_ret[3]; */
|
/* $last_error = $qfh_ret[3]; */
|
||||||
|
|
||||||
$feed_self_url = get_self_url_prefix() .
|
$feed_self_url = Config::get_self_url() .
|
||||||
"/public.php?op=rss&id=$feed&key=" .
|
"/public.php?op=rss&id=$feed&key=" .
|
||||||
Feeds::_get_access_key($feed, false, $owner_uid);
|
Feeds::_get_access_key($feed, false, $owner_uid);
|
||||||
|
|
||||||
|
@ -177,10 +177,8 @@ class Handler_Public extends Handler {
|
||||||
|
|
||||||
$feed['title'] = $feed_title;
|
$feed['title'] = $feed_title;
|
||||||
$feed['feed_url'] = $feed_self_url;
|
$feed['feed_url'] = $feed_self_url;
|
||||||
|
$feed['self_url'] = Config::get_self_url();
|
||||||
$feed['self_url'] = get_self_url_prefix();
|
$feed['articles'] = [];
|
||||||
|
|
||||||
$feed['articles'] = array();
|
|
||||||
|
|
||||||
while ($line = $result->fetch()) {
|
while ($line = $result->fetch()) {
|
||||||
|
|
||||||
|
@ -403,7 +401,7 @@ class Handler_Public extends Handler {
|
||||||
if ($_REQUEST['return'] && mb_strpos($return, Config::get(Config::SELF_URL_PATH)) === 0) {
|
if ($_REQUEST['return'] && mb_strpos($return, Config::get(Config::SELF_URL_PATH)) === 0) {
|
||||||
header("Location: " . clean($_REQUEST['return']));
|
header("Location: " . clean($_REQUEST['return']));
|
||||||
} else {
|
} else {
|
||||||
header("Location: " . get_self_url_prefix());
|
header("Location: " . Config::get_self_url());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -780,7 +778,7 @@ class Handler_Public extends Handler {
|
||||||
|
|
||||||
$timestamp = date("Y-m-d", strtotime($timestamp));
|
$timestamp = date("Y-m-d", strtotime($timestamp));
|
||||||
|
|
||||||
return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
|
return "tag:" . parse_url(Config::get_self_url(), PHP_URL_HOST) . ",$timestamp:/$id";
|
||||||
}
|
}
|
||||||
|
|
||||||
// this should be used very carefully because this endpoint is exposed to unauthenticated users
|
// this should be used very carefully because this endpoint is exposed to unauthenticated users
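Review bot: In the `@ -403,7 +401,7 @@` hunk the redirect guard validates one value and emits another: the prefix test runs on `$return`, but the header is built from `clean($_REQUEST['return'])`. The test is also a bare `mb_strpos(...) === 0` against `Config::get(Config::SELF_URL_PATH)` with no boundary after the configured URL, so a destination that merely begins with the same characters is accepted as local. Since the fallback now uses `Config::get_self_url()`, the guard could share that base and reuse the checked variable: `if ($return && ($return === Config::get_self_url() || mb_strpos($return, Config::get_self_url() . "/") === 0)) {` followed by `header("Location: " . $return);`. `$return` is assigned outside the hunk, so confirm it already holds the cleaned request value before emitting it.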
|
||||||
|
|
|
@ -635,7 +635,7 @@ class OPML extends Handler_Protected {
|
||||||
}
|
}
|
||||||
|
|
||||||
static function get_publish_url(){
|
static function get_publish_url(){
|
||||||
return get_self_url_prefix() .
|
return Config::get_self_url() .
|
||||||
"/public.php?op=publishOpml&key=" .
|
"/public.php?op=publishOpml&key=" .
|
||||||
Feeds::_get_access_key('OPML:Publish', false, $_SESSION["uid"]);
|
Feeds::_get_access_key('OPML:Publish', false, $_SESSION["uid"]);
|
||||||
}
|
}
|
||||||
|
|
|
@ -609,7 +609,7 @@ class PluginHost {
|
||||||
|
|
||||||
// handled by classes/pluginhandler.php, requires valid session
|
// handled by classes/pluginhandler.php, requires valid session
|
||||||
function get_method_url(Plugin $sender, string $method, $params = []) {
|
function get_method_url(Plugin $sender, string $method, $params = []) {
|
||||||
return get_self_url_prefix() . "/backend.php?" .
|
return Config::get_self_url() . "/backend.php?" .
|
||||||
http_build_query(
|
http_build_query(
|
||||||
array_merge(
|
array_merge(
|
||||||
[
|
[
|
||||||
|
@ -622,7 +622,7 @@ class PluginHost {
|
||||||
|
|
||||||
// shortcut syntax (disabled for now)
|
// shortcut syntax (disabled for now)
|
||||||
/* function get_method_url(Plugin $sender, string $method, $params) {
|
/* function get_method_url(Plugin $sender, string $method, $params) {
|
||||||
return get_self_url_prefix() . "/backend.php?" .
|
return Config::get_self_url() . "/backend.php?" .
|
||||||
http_build_query(
|
http_build_query(
|
||||||
array_merge(
|
array_merge(
|
||||||
[
|
[
|
||||||
|
@ -634,7 +634,7 @@ class PluginHost {
|
||||||
// WARNING: endpoint in public.php, exposed to unauthenticated users
|
// WARNING: endpoint in public.php, exposed to unauthenticated users
|
||||||
function get_public_method_url(Plugin $sender, string $method, $params = []) {
|
function get_public_method_url(Plugin $sender, string $method, $params = []) {
|
||||||
if ($sender->is_public_method($method)) {
|
if ($sender->is_public_method($method)) {
|
||||||
return get_self_url_prefix() . "/public.php?" .
|
return Config::get_self_url() . "/public.php?" .
|
||||||
http_build_query(
|
http_build_query(
|
||||||
array_merge(
|
array_merge(
|
||||||
[
|
[
|
||||||
|
|
|
@ -1278,7 +1278,7 @@ class Pref_Feeds extends Handler_Protected {
|
||||||
$is_cat = clean($_REQUEST['is_cat']) == "true";
|
$is_cat = clean($_REQUEST['is_cat']) == "true";
|
||||||
$search = clean($_REQUEST['search']);
|
$search = clean($_REQUEST['search']);
|
||||||
|
|
||||||
$link = get_self_url_prefix() . "/public.php?" . http_build_query([
|
$link = Config::get_self_url() . "/public.php?" . http_build_query([
|
||||||
'op' => 'rss',
|
'op' => 'rss',
|
||||||
'id' => $feed_id,
|
'id' => $feed_id,
|
||||||
'is_cat' => (int)$is_cat,
|
'is_cat' => (int)$is_cat,
|
||||||
|
|
|
@ -175,7 +175,7 @@ class RPC extends Handler_Protected {
|
||||||
$error_params = [];
|
$error_params = [];
|
||||||
|
|
||||||
$client_scheme = parse_url($client_location, PHP_URL_SCHEME);
|
$client_scheme = parse_url($client_location, PHP_URL_SCHEME);
|
||||||
$server_scheme = parse_url(get_self_url_prefix(), PHP_URL_SCHEME);
|
$server_scheme = parse_url(Config::get_self_url(), PHP_URL_SCHEME);
|
||||||
|
|
||||||
if (get_schema_version() != SCHEMA_VERSION) {
|
if (get_schema_version() != SCHEMA_VERSION) {
|
||||||
$error = Errors::E_SCHEMA_MISMATCH;
|
$error = Errors::E_SCHEMA_MISMATCH;
|
||||||
|
@ -183,7 +183,7 @@ class RPC extends Handler_Protected {
|
||||||
$error = Errors::E_URL_SCHEME_MISMATCH;
|
$error = Errors::E_URL_SCHEME_MISMATCH;
|
||||||
$error_params["client_scheme"] = $client_scheme;
|
$error_params["client_scheme"] = $client_scheme;
|
||||||
$error_params["server_scheme"] = $server_scheme;
|
$error_params["server_scheme"] = $server_scheme;
|
||||||
$error_params["self_url_path"] = get_self_url_prefix();
|
$error_params["self_url_path"] = Config::get_self_url();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($error == Errors::E_SUCCESS) {
|
if ($error == Errors::E_SUCCESS) {
|
||||||
|
@ -463,7 +463,7 @@ class RPC extends Handler_Protected {
|
||||||
$max_feed_id = $row["mid"];
|
$max_feed_id = $row["mid"];
|
||||||
$num_feeds = $row["nf"];
|
$num_feeds = $row["nf"];
|
||||||
|
|
||||||
$params["self_url_prefix"] = get_self_url_prefix();
|
$params["self_url_prefix"] = Config::get_self_url();
|
||||||
$params["max_feed_id"] = (int) $max_feed_id;
|
$params["max_feed_id"] = (int) $max_feed_id;
|
||||||
$params["num_feeds"] = (int) $num_feeds;
|
$params["num_feeds"] = (int) $num_feeds;
|
||||||
$params["hotkeys"] = $this->get_hotkeys_map();
|
$params["hotkeys"] = $this->get_hotkeys_map();
|
||||||
|
|
|
@ -64,7 +64,9 @@ class Sanitizer {
|
||||||
$doc->loadHTML('<?xml encoding="UTF-8">' . $res);
|
$doc->loadHTML('<?xml encoding="UTF-8">' . $res);
|
||||||
$xpath = new DOMXPath($doc);
|
$xpath = new DOMXPath($doc);
|
||||||
|
|
||||||
$rewrite_base_url = $site_url ? $site_url : get_self_url_prefix();
|
// is it a good idea to possibly rewrite urls to our own prefix?
|
||||||
|
// $rewrite_base_url = $site_url ? $site_url : Config::get_self_url();
|
||||||
|
$rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/";
|
||||||
|
|
||||||
$entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])');
|
$entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])');
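Review bot: The new fallback `$rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/";` is the security-relevant change in this commit, but the hunk documents it only with an open question and a commented-out copy of the old line. I would delete the dead line and state the rule instead: `// feed markup is untrusted: with no site URL, resolve relative links against a reserved placeholder host, never against our own origin`. A named constant for the placeholder would also let later code and tests recognise unresolved links without repeating the string literal. The enclosing function starts and ends outside the hunk, so whether anything downstream treats `$rewrite_base_url` as a reachable host cannot be checked from here.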
|
||||||
|
|
||||||
|
|
|
@ -217,7 +217,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
// this returns Config::SELF_URL_PATH sans ending slash
|
// this returns Config::SELF_URL_PATH sans ending slash
|
||||||
/** function is @deprecated */
|
/** function is @deprecated by Config::get_self_url() */
|
||||||
function get_self_url_prefix() {
|
function get_self_url_prefix() {
|
||||||
return Config::get_self_url();
|
return Config::get_self_url();
|
||||||
}
|
}
|
||||||
|
|
|
@ -146,7 +146,7 @@ class Bookmarklets extends Plugin {
|
||||||
|
|
||||||
if ($feed_id) {
|
if ($feed_id) {
|
||||||
?>
|
?>
|
||||||
<form method='GET' action="<?= htmlspecialchars(get_self_url_prefix() . "/prefs.php") ?>">
|
<form method='GET' action="<?= htmlspecialchars(Config::get_self_url() . "/prefs.php") ?>">
|
||||||
<input type='hidden' name='tab' value='feeds'>
|
<input type='hidden' name='tab' value='feeds'>
|
||||||
<input type='hidden' name='method' value='editfeed'>
|
<input type='hidden' name='method' value='editfeed'>
|
||||||
<input type='hidden' name='methodparam' value="<?= $feed_id ?>">
|
<input type='hidden' name='methodparam' value="<?= $feed_id ?>">
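Review bot: `$feed_id` is echoed into the `methodparam` value attribute without escaping, while the `action` attribute at the top of the same form goes through `htmlspecialchars()`. Where `$feed_id` is assigned is outside the hunk; unless it is already cast to an integer there, cast or escape it at the point of output: `<input type='hidden' name='methodparam' value="<?= (int) $feed_id ?>">`. The surrounding `if ($feed_id)` block continues past the end of the hunk.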
|
||||||
|
|