fixing proxy url

EGroupware · Nov 15, 2019 · 9f32f81 · 9f32f81
1 parent 7cd4169
commit 9f32f81
Showing 1 changed file with 70 additions and 73 deletions.
diff --git a/redirect.php b/redirect.php
@@ -1,95 +1,92 @@
 <?php
-	/**************************************************************************\
-	* eGroupWare - save redirect script                                        *
-	* idea by: Jason Wies <jason@xc.net>                                       *
-	* doing and adding to cvs: Lars Kneschke <lkneschke@linux-at-work.de>      *
-	* http://www.egroupware.org                                                *
-	* --------------------------------------------                             *
-	*  This program is free software; you can redistribute it and/or modify it *
-	*  under the terms of the GNU General Public License as published by the   *
-	*  Free Software Foundation; either version 2 of the License, or (at your  *
-	*  option) any later version.                                              *
-	\**************************************************************************/
+/**
+ * EGroupware save redirect script
+ *
+ * idea by: Jason Wies
+ * doing and adding to cvs: Lars Kneschke
+ *
+ * @link http://www.egroupware.org
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ */
 
-	/* $Id$ */
+use EGroupware\Api;
 
-	/*
-	  Use this script when you want to link to a external url.
-	  This way you don't send something like sessionid as referer
+/*
+  Use this script when you want to link to a external url.
+  This way you don't send something like sessionid as referer
 
-	  Use this in your app:
+  Use this in your app:
 
-	  "<a href=\"$webserverURL/redirect.php?go=".htmlentities(urlencode('http://www.egroupware.org')).'">'
-	*/
+  "<a href=\"$webserverURL/redirect.php?go=".htmlentities(urlencode('http://www.egroupware.org')).'">'
+*/
 
-	if(!function_exists('html_entity_decode'))
+if(!function_exists('html_entity_decode'))
+{
+	function html_entity_decode($given_html, $quote_style = ENT_QUOTES)
 	{
-		function html_entity_decode($given_html, $quote_style = ENT_QUOTES)
-		{
-			$trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style));
-			$trans_table['&#39;'] = "'";
-			return(strtr($given_html, $trans_table));
-		}
+		$trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style));
+		$trans_table['&#39;'] = "'";
+		return(strtr($given_html, $trans_table));
 	}
+}
 
-	/* Only allow redirects with a valid session */
-	$GLOBALS['egw_info'] = array(
-		'flags' => array(
-			'noheader'   => True,
-			'nonavbar'   => True,
-			'currentapp' => 'home'
-		)
-	);
-	include('./header.inc.php');
+/* Only allow redirects with a valid session */
+$GLOBALS['egw_info'] = array(
+	'flags' => array(
+		'noheader'   => True,
+		'nonavbar'   => True,
+		'currentapp' => 'home'
+	)
+);
+include('./header.inc.php');
 
 
-	/* Only allow redirects from inside this eGroupware installation. */
-	$valid_referer = array();
-	$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/';
-	array_push($valid_referer, $path);
-	array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_ADDR'] . $path);
-	array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . $path);
+/* Only allow redirects from inside this eGroupware installation. */
+$valid_referer = array();
+$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/';
+array_push($valid_referer, $path);
+array_push($valid_referer, Api\Header\Http::schema() . '//' . $_SERVER['SERVER_ADDR'] . $path);
+array_push($valid_referer, Api\Framework::getUrl($path));
 
-	$referrer = trim($_SERVER['HTTP_REFERER']);
-	if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer)))
+$referrer = trim($_SERVER['HTTP_REFERER']);
+if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer)))
+{
+	echo "Only usable from within eGroupware.\n";
+}
+else if($_GET['go'])
+{
+	$allow = false;
+	foreach ($valid_referer as $urlRoot)
 	{
-		echo "Only usable from within eGroupware.\n";
+		/* Check if the referrer begins with a valid URL. */
+		if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0)
+		{
+			$allow = true;
+			break;
+		}
 	}
-	else if($_GET['go'])
+	if ($allow)
 	{
-		$allow = false;
-		foreach ($valid_referer as $urlRoot)
+		$url= html_entity_decode(urldecode($_GET['go']));
+		unset($_GET['go']);
+		/* Only add "&" if there is something to append. */
+		if (!empty($_GET))
 		{
-			/* Check if the referrer begins with a valid URL. */
-			if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0)
-			{
-				$allow = true;
-				break;
-			}
+			$url=$url."&".http_build_query($_GET);
 		}
-		if ($allow)
-		{
-			$url= html_entity_decode(urldecode($_GET['go']));
-			unset($_GET['go']);
-			/* Only add "&" if there is something to append. */
-			if (!empty($_GET))
-			{
-				$url=$url."&".http_build_query($_GET);
-			}
 
-			Header('Location: ' . html_entity_decode(urldecode($url)));
-			exit;
-		}
-		else
-		{
-			echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";
-			echo "<pre>";
-			print_r($valid_referer);
-			echo "<pre>\n";
-		}
+		Header('Location: ' . html_entity_decode(urldecode($url)));
+		exit;
 	}
 	else
 	{
-		echo "Error redirecting.";
+		echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";
+		echo "<pre>";
+		print_r($valid_referer);
+		echo "<pre>\n";
 	}
-?>
+}
+else
+{
+	echo "Error redirecting.";
+}