Changeset 782 for branches/1.1dev/lib
- Timestamp:
- Mar 3, 2023 4:39:34 AM (14 months ago)
- File:
-
- 1 edited
branches/1.1dev/lib/App.inc.php
r758 r782 308 308 return false; 309 309 } 310 if ($url == absoluteMe() ) {310 if ($url == absoluteMe() || $url == getenv('REQUEST_URI')) { 311 311 // The URL we are directing to is not the current page. 312 logMsg(sprintf('Boomerang URL not valid, same as absoluteMe : %s', $url), LOG_DEBUG, __FILE__, __LINE__);312 logMsg(sprintf('Boomerang URL not valid, same as absoluteMe or REQUEST_URI: %s', $url), LOG_DEBUG, __FILE__, __LINE__); 313 313 return false; 314 314 } … … 343 343 if (isset($id) && isset($_SESSION['_boomerang']['url'][$id])) { 344 344 $url = $_SESSION['_boomerang']['url'][$id]; 345 logMsg(sprintf('dieBoomerangURL(%s) found: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__); 345 346 } else { 346 347 $url = end($_SESSION['_boomerang']['url']); 348 logMsg(sprintf('dieBoomerangURL(%s) using: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__); 347 349 } 348 350 } else if (isset($default_url)) { 349 351 $url = $default_url; 350 } else if (!refererIsMe() ) {352 } else if (!refererIsMe() && '' != getenv('HTTP_REFERER')) { 351 353 // Ensure that the redirecting page is not also the referrer. 352 354 $url = getenv('HTTP_REFERER'); 355 logMsg(sprintf('dieBoomerangURL(%s) using referrer: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__); 353 356 } else { 354 357 $url = ''; 358 logMsg(sprintf('dieBoomerangURL(%s) using empty: %s', $id, $url), LOG_DEBUG, __FILE__, __LINE__); 355 359 } 356 360 … … 862 866 function absoluteMe() 863 867 { 864 $ protocol = ('on' == getenv('HTTPS')) ? 'https://' : 'http://';865 return $protocol . getenv('HTTP_HOST') . getenv('REQUEST_URI');868 $safe_http_host = preg_replace('/[^a-z\d.:-]/', '', getenv('HTTP_HOST')); 869 return sprintf('%s://%s%s', (getenv('HTTPS') ? 
'https' : 'http'), $safe_http_host, getenv('REQUEST_URI')); 866 870 } 867 871 … … 876 880 function refererIsMe($exclude_query=false) 877 881 { 882 $current_url = absoluteMe(); 883 $referrer_url = getenv('HTTP_REFERER'); 884 885 // If one of the hostnames is an IP address, compare only the path of both. 886 if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', parse_url($current_url, PHP_URL_HOST)) || preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', parse_url($referrer_url, PHP_URL_HOST))) { 887 $current_url = preg_replace('@^https?://[^/]+@u', '', $current_url); 888 $referrer_url = preg_replace('@^https?://[^/]+@u', '', $referrer_url); 889 } 890 878 891 if ($exclude_query) { 879 return (stripQuery( absoluteMe()) == stripQuery(getenv('HTTP_REFERER')));892 return (stripQuery($current_url) == stripQuery($referrer_url)); 880 893 } else { 881 return (absoluteMe() == getenv('HTTP_REFERER')); 882 } 883 } 884 885 ?> 894 logMsg(sprintf('refererIsMe comparison: %s == %s', $current_url, $referrer_url), LOG_DEBUG, __FILE__, __LINE__); 895 return ($current_url == $referrer_url); 896 } 897 }
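Review bot: In absoluteMe() the new scheme test `getenv('HTTPS') ? 'https' : 'http'` is true for any non-empty value, so a server that exports HTTPS=off for plain requests would now produce an https:// URL, where the removed line required the value 'on'. The host filter `/[^a-z\d.:-]/` has no `i` flag, so it also deletes upper-case letters and a Host header sent in mixed case is silently turned into a different name instead of being normalised; both effects change the outcome of the `$url == absoluteMe()` check and of refererIsMe(). I would lower-case before filtering, `$safe_http_host = preg_replace('/[^a-z\d.:-]/', '', strtolower((string) getenv('HTTP_HOST')));`, and keep an explicit scheme test such as `$scheme = in_array(strtolower((string) getenv('HTTPS')), array('', 'off'), true) ? 'http' : 'https';`. Stripping characters does not make the client-supplied Host trustworthy, so the function's docblock should say that the result is not a verified origin and should not be used as one.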