From 70adfd4a742775f492bbf09afad2eebb67d4a150 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 2 Mar 2021 08:16:41 +0300
Subject: * sanitize: never rewrite relative links to our own prefix * use Config::get_self_url() instead of get_self_url_prefix() in a bunch of places
---
 classes/handler/public.php | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'classes/handler/public.php')
diff --git a/classes/handler/public.php b/classes/handler/public.php
index d26cf7a35..f7df6fc74 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -64,7 +64,7 @@ class Handler_Public extends Handler {
 $feed_site_url = $qfh_ret[2];
 /* $last_error = $qfh_ret[3]; */
- $feed_self_url = get_self_url_prefix() .
+ $feed_self_url = Config::get_self_url() .
 "/public.php?op=rss&id=$feed&key=" .
 Feeds::_get_access_key($feed, false, $owner_uid);
@@ -177,10 +177,8 @@ class Handler_Public extends Handler {
 $feed['title'] = $feed_title;
 $feed['feed_url'] = $feed_self_url;
-
- $feed['self_url'] = get_self_url_prefix();
-
- $feed['articles'] = array();
+ $feed['self_url'] = Config::get_self_url();
+ $feed['articles'] = [];
 while ($line = $result->fetch()) {
@@ -403,7 +401,7 @@ class Handler_Public extends Handler {
 if ($_REQUEST['return'] && mb_strpos($return, Config::get(Config::SELF_URL_PATH)) === 0) {
 header("Location: " . clean($_REQUEST['return']));
 } else {
- header("Location: " . get_self_url_prefix());
+ header("Location: " . Config::get_self_url());
 }
 }
 }
@@ -780,7 +778,7 @@ class Handler_Public extends Handler {
 $timestamp = date("Y-m-d", strtotime($timestamp));
- return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
+ return "tag:" . parse_url(Config::get_self_url(), PHP_URL_HOST) . ",$timestamp:/$id";
 }
 // this should be used very carefully because this endpoint is exposed to unauthenticated users
-- 
cgit v1.2.3
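Review bot: In the `@@ -64,7 +64,7 @@` hunk, `$feed` is interpolated into the query string of `$feed_self_url` without URL-encoding, and the next hunk publishes that string as `$feed['feed_url']`. Where `$feed` comes from is outside the hunk; if it can hold anything other than a numeric id, characters such as `&` or `#` would change the meaning of the generated link. Building the query with `http_build_query(["op" => "rss", "id" => $feed, "key" => Feeds::_get_access_key($feed, false, $owner_uid)])` keeps each parameter intact. Because the result embeds the feed access key, a short comment that `$feed_self_url` must not be written to logs would also help; the enclosing method starts and ends outside the hunk.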
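Review bot: The redirect guard in the `@@ -403,7 +401,7 @@` hunk tests `$return` but sends `clean($_REQUEST['return'])`, and it compares against `Config::get(Config::SELF_URL_PATH)` while the fallback now uses `Config::get_self_url()`, so the string that is validated and the string that reaches the `Location` header can differ. A bare prefix match also accepts any URL that merely begins with the configured value when that value has no trailing slash, which leaves an open-redirect risk in a public handler (how `$return` is derived is outside the hunk, so this is hedged). Validate the exact string that is emitted and anchor the comparison at a path boundary: `$target = clean($_REQUEST['return']);` followed by `if ($target && mb_strpos($target, rtrim(Config::get_self_url(), "/") . "/") === 0)`. Whether execution stops after `header()` cannot be seen here because the method continues outside the hunk.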
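Review bot: In the `@@ -780,7 +778,7 @@` hunk, `parse_url(Config::get_self_url(), PHP_URL_HOST)` returns null when the configured URL has no host and false when it cannot be parsed, and either result is concatenated silently into an id of the form `tag:,DATE:/ID`. Since this string presumably identifies feed entries to subscribers, a misconfigured self URL would produce colliding or changing ids without any error. Consider reading the host into a variable and failing loudly when it is empty, e.g. `$host = parse_url(Config::get_self_url(), PHP_URL_HOST);` then `if (!$host) user_error("self URL has no host component", E_USER_WARNING);`, and add a comment that the host part must stay stable across releases. The function's signature is outside the hunk.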