diff --git a/boot.php b/boot.php index d55f4b7bc..91f62c4b4 100644 --- a/boot.php +++ b/boot.php @@ -598,21 +598,6 @@ function killme() exit(); } -/** - * @brief Redirect to another URL and terminate this process. - */ -function goaway($path = '') -{ - if (strstr(normalise_link($path), 'http://')) { - $url = $path; - } else { - $url = System::baseUrl() . '/' . ltrim($path, '/'); - } - - header("Location: $url"); - killme(); -} - /** * @brief Returns the user id of locally logged in user or false. * diff --git a/include/api.php b/include/api.php index a2c7f0720..7e54fa382 100644 --- a/include/api.php +++ b/include/api.php @@ -4809,7 +4809,8 @@ function api_friendica_remoteauth() logger($contact['name'] . ' ' . $sec, LOGGER_DEBUG); $dest = ($url ? '&destination_url=' . $url : ''); - goaway( + + System::externalRedirect( $contact['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest diff --git a/include/conversation.php b/include/conversation.php index 2ccdf8fb7..4573f44a4 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -534,7 +534,7 @@ function conversation(App $a, array $items, $mode, $update, $preview = false, $o $page_dropping = ((local_user() && local_user() == $profile_owner) ? true : false); if (!$update) { - $_SESSION['return_url'] = $a->query_string; + $_SESSION['return_path'] = $a->query_string; } $cb = ['items' => $items, 'mode' => $mode, 'update' => $update, 'preview' => $preview]; diff --git a/include/items.php b/include/items.php index 27a7db767..54ae7a82c 100644 --- a/include/items.php +++ b/include/items.php @@ -354,7 +354,7 @@ function drop_item($id) if (!DBA::isResult($item)) { notice(L10n::t('Item not found.') . EOL); - goaway('/network'); + $a->internalRedirect('network'); } if ($item['deleted']) { @@ -401,17 +401,17 @@ function drop_item($id) } // Now check how the user responded to the confirmation query if (!empty($_REQUEST['canceled'])) { - goaway('/display/' . $item['guid']); + $a->internalRedirect('display/' . $item['guid']); } // delete the item Item::deleteForUser(['id' => $item['id']], local_user()); - goaway('/network'); + $a->internalRedirect('network'); //NOTREACHED } else { notice(L10n::t('Permission denied.') . EOL); - goaway('/display/' . $item['guid']); + $a->internalRedirect('display/' . $item['guid']); //NOTREACHED } } diff --git a/mod/admin.php b/mod/admin.php index 2714b0b86..39a28158c 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -82,7 +82,7 @@ function admin_post(App $a) if ($a->isAjax()) { return; } - goaway('admin/'); + $a->internalRedirect('admin/'); return; } @@ -135,7 +135,7 @@ function admin_post(App $a) } } - goaway($return_path); + $a->internalRedirect($return_path); return; // NOTREACHED } @@ -340,7 +340,7 @@ function admin_page_tos_post(App $a) Config::set('system', 'tosprivstatement', $displayprivstatement); Config::set('system', 'tostext', $tostext); - goaway('admin/tos'); + $a->internalRedirect('admin/tos'); return; // NOTREACHED } @@ -429,7 +429,7 @@ function admin_page_blocklist_post(App $a) Config::set('system', 'blocklist', $blocklist); info(L10n::t('Site blocklist updated.') . EOL); } - goaway('admin/blocklist'); + $a->internalRedirect('admin/blocklist'); return; // NOTREACHED } @@ -461,7 +461,7 @@ function admin_page_contactblock_post(App $a) } notice(L10n::tt("%s contact unblocked", "%s contacts unblocked", count($contacts))); } - goaway('admin/contactblock'); + $a->internalRedirect('admin/contactblock'); return; // NOTREACHED } @@ -569,7 +569,7 @@ function admin_page_deleteitem_post(App $a) } info(L10n::t('Item marked for deletion.') . EOL); - goaway('admin/deleteitem'); + $a->internalRedirect('admin/deleteitem'); return; // NOTREACHED } @@ -965,7 +965,7 @@ function admin_page_site_post(App $a) $parsed = @parse_url($new_url); if (!is_array($parsed) || !x($parsed, 'host') || !x($parsed, 'scheme')) { notice(L10n::t("Can not parse base url. Must have at least ://")); - goaway('admin/site'); + $a->internalRedirect('admin/site'); } /* steps: @@ -973,13 +973,13 @@ function admin_page_site_post(App $a) * send relocate for every local user * */ - $old_url = System::baseUrl(true); + $old_url = $a->getBaseURL(true); // Generate host names for relocation the addresses in the format user@address.tld $new_host = str_replace("http://", "@", normalise_link($new_url)); $old_host = str_replace("http://", "@", normalise_link($old_url)); - function update_table($table_name, $fields, $old_url, $new_url) + function update_table(App $a, $table_name, $fields, $old_url, $new_url) { $dbold = DBA::escape($old_url); $dbnew = DBA::escape($new_url); @@ -995,20 +995,20 @@ function admin_page_site_post(App $a) if (!DBA::isResult($r)) { notice("Failed updating '$table_name': " . DBA::errorMessage()); - goaway('admin/site'); + $a->internalRedirect('admin/site'); } } // update tables // update profile links in the format "http://server.tld" - update_table("profile", ['photo', 'thumb'], $old_url, $new_url); - update_table("term", ['url'], $old_url, $new_url); - update_table("contact", ['photo', 'thumb', 'micro', 'url', 'nurl', 'alias', 'request', 'notify', 'poll', 'confirm', 'poco', 'avatar'], $old_url, $new_url); - update_table("gcontact", ['url', 'nurl', 'photo', 'server_url', 'notify', 'alias'], $old_url, $new_url); - update_table("item", ['owner-link', 'author-link', 'body', 'plink', 'tag'], $old_url, $new_url); + update_table($a, "profile", ['photo', 'thumb'], $old_url, $new_url); + update_table($a, "term", ['url'], $old_url, $new_url); + update_table($a, "contact", ['photo', 'thumb', 'micro', 'url', 'nurl', 'alias', 'request', 'notify', 'poll', 'confirm', 'poco', 'avatar'], $old_url, $new_url); + update_table($a, "gcontact", ['url', 'nurl', 'photo', 'server_url', 'notify', 'alias'], $old_url, $new_url); + update_table($a, "item", ['owner-link', 'author-link', 'body', 'plink', 'tag'], $old_url, $new_url); // update profile addresses in the format "user@server.tld" - update_table("contact", ['addr'], $old_host, $new_host); - update_table("gcontact", ['connect', 'addr'], $old_host, $new_host); + update_table($a, "contact", ['addr'], $old_host, $new_host); + update_table($a, "gcontact", ['connect', 'addr'], $old_host, $new_host); // update config Config::set('system', 'hostname', parse_url($new_url, PHP_URL_HOST)); @@ -1024,7 +1024,7 @@ function admin_page_site_post(App $a) info("Relocation started. Could take a while to complete."); - goaway('admin/site'); + $a->internalRedirect('admin/site'); } // end relocate @@ -1298,7 +1298,7 @@ function admin_page_site_post(App $a) Config::set('system', 'rino_encrypt', $rino); info(L10n::t('Site settings updated.') . EOL); - goaway('admin/site'); + $a->internalRedirect('admin/site'); return; // NOTREACHED } @@ -1570,7 +1570,7 @@ function admin_page_dbsync(App $a) Config::set('system', 'build', intval($curr) + 1); } info(L10n::t('Update has been marked successful') . EOL); - goaway('admin/dbsync'); + $a->internalRedirect('admin/dbsync'); } if (($a->argc > 2) && (intval($a->argv[2]) || ($a->argv[2] === 'check'))) { @@ -1745,7 +1745,7 @@ function admin_page_users_post(App $a) user_deny($hash); } } - goaway('admin/users'); + $a->internalRedirect('admin/users'); return; // NOTREACHED } @@ -1768,7 +1768,7 @@ function admin_page_users(App $a) $user = DBA::selectFirst('user', ['username', 'blocked'], ['uid' => $uid]); if (!DBA::isResult($user)) { notice('User not found' . EOL); - goaway('admin/users'); + $a->internalRedirect('admin/users'); return ''; // NOTREACHED } switch ($a->argv[2]) { @@ -1788,7 +1788,7 @@ function admin_page_users(App $a) notice(sprintf(($user['blocked'] ? L10n::t("User '%s' unblocked") : L10n::t("User '%s' blocked")), $user['username']) . EOL); break; } - goaway('admin/users'); + $a->internalRedirect('admin/users'); return ''; // NOTREACHED } @@ -1986,7 +1986,7 @@ function admin_page_addons(App $a) info(L10n::t("Addon %s enabled.", $addon)); } Config::set("system", "addon", implode(", ", $a->addons)); - goaway('admin/addons'); + $a->internalRedirect('admin/addons'); return ''; // NOTREACHED } @@ -2020,7 +2020,7 @@ function admin_page_addons(App $a) '$page' => L10n::t('Addons'), '$toggle' => L10n::t('Toggle'), '$settings' => L10n::t('Settings'), - '$baseurl' => System::baseUrl(true), + '$baseurl' => $a->getBaseURL(true), '$addon' => $addon, '$status' => $status, @@ -2042,10 +2042,10 @@ function admin_page_addons(App $a) * List addons */ if (x($_GET, "a") && $_GET['a'] == "r") { - BaseModule::checkFormSecurityTokenRedirectOnError(System::baseUrl() . '/admin/addons', 'admin_themes', 't'); + BaseModule::checkFormSecurityTokenRedirectOnError($a->getBaseURL() . '/admin/addons', 'admin_themes', 't'); Addon::reload(); info("Addons reloaded"); - goaway(System::baseUrl() . '/admin/addons'); + $a->internalRedirect('admin/addons'); } $addons = []; @@ -2235,7 +2235,7 @@ function admin_page_themes(App $a) } Config::set('system', 'allowed_themes', $s); - goaway('admin/themes'); + $a->internalRedirect('admin/themes'); return ''; // NOTREACHED } @@ -2316,7 +2316,7 @@ function admin_page_themes(App $a) } } info("Themes reloaded"); - goaway(System::baseUrl() . '/admin/themes'); + $a->internalRedirect('admin/themes'); } /* @@ -2365,7 +2365,7 @@ function admin_page_logs_post(App $a) } info(L10n::t("Log settings updated.")); - goaway('admin/logs'); + $a->internalRedirect('admin/logs'); return; // NOTREACHED } @@ -2513,7 +2513,7 @@ function admin_page_features_post(App $a) } } - goaway('admin/features'); + $a->internalRedirect('admin/features'); return; // NOTREACHED } diff --git a/mod/api.php b/mod/api.php index e97846165..716b48446 100644 --- a/mod/api.php +++ b/mod/api.php @@ -5,6 +5,7 @@ use Friendica\App; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Module\Login; @@ -76,7 +77,7 @@ function api_content(App $a) if (strstr($consumer->callback_url, $glue)) { $glue = "?"; } - goaway($consumer->callback_url . $glue . "oauth_token=" . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuthUtil::urlencode_rfc3986($verifier)); + $a->internalRedirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier)); killme(); } diff --git a/mod/cal.php b/mod/cal.php index b55e078d8..6f483acc1 100644 --- a/mod/cal.php +++ b/mod/cal.php @@ -301,7 +301,7 @@ function cal_content(App $a) // Respect the export feature setting for all other /cal pages if it's not the own profile if ((local_user() !== intval($owner_uid)) && !Feature::isEnabled($owner_uid, "export_calendar")) { notice(L10n::t('Permission denied.') . EOL); - goaway('cal/' . $nick); + $a->internalRedirect('cal/' . $nick); } // Get the export data by uid @@ -322,7 +322,7 @@ function cal_content(App $a) $return_path = "cal/" . $nick; } - goaway($return_path); + $a->internalRedirect($return_path); } // If nothing went wrong we can echo the export content diff --git a/mod/delegate.php b/mod/delegate.php index 2b29632dd..e38ce058e 100644 --- a/mod/delegate.php +++ b/mod/delegate.php @@ -62,7 +62,7 @@ function delegate_content(App $a) if ($a->argc > 2 && $a->argv[1] === 'add' && intval($a->argv[2])) { // delegated admins can view but not change delegation permissions if (x($_SESSION, 'submanage')) { - goaway(System::baseUrl() . '/delegate'); + $a->internalRedirect('delegate'); } $user_id = $a->argv[2]; @@ -77,17 +77,17 @@ function delegate_content(App $a) DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]); } } - goaway(System::baseUrl() . '/delegate'); + $a->internalRedirect('delegate'); } if ($a->argc > 2 && $a->argv[1] === 'remove' && intval($a->argv[2])) { // delegated admins can view but not change delegation permissions if (x($_SESSION, 'submanage')) { - goaway(System::baseUrl() . '/delegate'); + $a->internalRedirect('delegate'); } DBA::delete('manage', ['uid' => $a->argv[2], 'mid' => local_user()]); - goaway(System::baseUrl() . '/delegate'); + $a->internalRedirect('delegate'); } // find everybody that currently has delegated management to this account/page diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 48ce3c6aa..f685d9e23 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -400,7 +400,7 @@ function dfrn_confirm_post(App $a, $handsfree = null) // Let's send our user to the contact editor in case they want to // do anything special with this new friend. if ($handsfree === null) { - goaway(System::baseUrl() . '/contact/' . intval($contact_id)); + $a->internalRedirect('contact/' . intval($contact_id)); } else { return; } @@ -620,6 +620,6 @@ function dfrn_confirm_post(App $a, $handsfree = null) } // somebody arrived here by mistake or they are fishing. Send them to the homepage. - goaway(System::baseUrl()); + $a->internalRedirect(); // NOTREACHED } diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index af597d76f..4e7521b0e 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -90,7 +90,7 @@ function dfrn_poll_init(App $a) $my_id = '0:' . $dfrn_id; break; default: - goaway(System::baseUrl()); + $a->internalRedirect(); break; // NOTREACHED } @@ -109,7 +109,7 @@ function dfrn_poll_init(App $a) if (strlen($s)) { $xml = XML::parseString($s); - if ((int) $xml->status === 1) { + if ((int)$xml->status === 1) { $_SESSION['authenticated'] = 1; if (!x($_SESSION, 'remote')) { $_SESSION['remote'] = []; @@ -135,10 +135,15 @@ function dfrn_poll_init(App $a) ); } } - $profile = $r[0]['nickname']; - goaway((strlen($destination_url)) ? $destination_url : System::baseUrl() . '/profile/' . $profile); + + $profile = (count($r) > 0 && isset($r[0]['nickname']) ? $r[0]['nickname'] : ''); + if (!empty($destination_url)) { + System::externalRedirect($destination_url); + } else { + $a->internalRedirect('profile/' . $profile); + } } - goaway(System::baseUrl()); + $a->internalRedirect(); } if ($type === 'profile-check' && $dfrn_version < 2.2) { @@ -325,7 +330,7 @@ function dfrn_poll_post(App $a) $my_id = '0:' . $dfrn_id; break; default: - goaway(System::baseUrl()); + $a->internalRedirect(); break; // NOTREACHED } @@ -446,7 +451,7 @@ function dfrn_poll_content(App $a) $my_id = '0:' . $dfrn_id; break; default: - goaway(System::baseUrl()); + $a->internalRedirect(); break; // NOTREACHED } @@ -505,25 +510,6 @@ function dfrn_poll_content(App $a) ])->getBody(); } - $profile = ((DBA::isResult($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname); - - switch ($destination_url) { - case 'profile': - $dest = System::baseUrl() . '/profile/' . $profile . '?f=&tab=profile'; - break; - case 'photos': - $dest = System::baseUrl() . '/photos/' . $profile; - break; - case 'status': - case '': - $dest = System::baseUrl() . '/profile/' . $profile; - break; - default: - $appendix = (strstr($destination_url, '?') ? '&f=&redir=1' : '?f=&redir=1'); - $dest = $destination_url . $appendix; - break; - } - logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA); if (strlen($s) && strstr($s, 'internalRedirect('profile/' . $profile . '?f=&tab=profile'; + break; + case 'photos': + $a->internalRedirect('photos/' . $profile; + break; + case 'status': + case '': + $a->internalRedirect('profile/' . $profile; + break; + default: + $appendix = (strstr($destination_url, '?') ? '&f=&redir=1' : '?f=&redir=1'); + System::externalRedirect($destination_url . $appendix); + break; + } // NOTREACHED } else { // XML reply diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 67db2c628..141e5e5ac 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -62,7 +62,7 @@ function dfrn_request_post(App $a) } if (x($_POST, 'cancel')) { - goaway(System::baseUrl()); + $a->internalRedirect(); } /* @@ -173,9 +173,9 @@ function dfrn_request_post(App $a) Contact::updateAvatar($photo, local_user(), $r[0]["id"], true); } - $forwardurl = System::baseUrl() . "/contact/" . $r[0]['id']; + $forward_path = "contact/" . $r[0]['id']; } else { - $forwardurl = System::baseUrl() . "/contact"; + $forward_path = "contact"; } // Allow the blocked remote notification to complete @@ -188,14 +188,14 @@ function dfrn_request_post(App $a) } // (ignore reply, nothing we can do it failed) - goaway($forwardurl); + $a->internalRedirect($forward_path); return; // NOTREACHED } } // invalid/bogus request notice(L10n::t('Unrecoverable protocol error.') . EOL); - goaway(System::baseUrl()); + $a->internalRedirect(); return; // NOTREACHED } @@ -331,19 +331,19 @@ function dfrn_request_post(App $a) $url = Network::isUrlValid($url); if (!$url) { notice(L10n::t('Invalid profile URL.') . EOL); - goaway(System::baseUrl() . '/' . $a->cmd); + $a->internalRedirect($a->cmd); return; // NOTREACHED } if (!Network::isUrlAllowed($url)) { notice(L10n::t('Disallowed profile URL.') . EOL); - goaway(System::baseUrl() . '/' . $a->cmd); + $a->internalRedirect($a->cmd); return; // NOTREACHED } if (Network::isUrlBlocked($url)) { notice(L10n::t('Blocked domain') . EOL); - goaway(System::baseUrl() . '/' . $a->cmd); + $a->internalRedirect($a->cmd); return; // NOTREACHED } @@ -351,7 +351,7 @@ function dfrn_request_post(App $a) if (!count($parms)) { notice(L10n::t('Profile location is not valid or does not contain profile information.') . EOL); - goaway(System::baseUrl() . '/' . $a->cmd); + $a->internalRedirect($a->cmd); } else { if (!x($parms, 'fn')) { notice(L10n::t('Warning: profile location has no identifiable owner name.') . EOL); @@ -433,10 +433,10 @@ function dfrn_request_post(App $a) } // "Homecoming" - send the requestor back to their site to record the introduction. - $dfrn_url = bin2hex(System::baseUrl() . '/profile/' . $nickname); + $dfrn_url = bin2hex($a->getBaseURL() . '/profile/' . $nickname); $aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0); - goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" + System::externalRedirect($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : "") @@ -459,11 +459,11 @@ function dfrn_request_post(App $a) $uri = urlencode($uri); } else { - $uri = System::baseUrl() . '/profile/' . $nickname; + $uri = 'profile/' . $nickname; } $url = str_replace('{uri}', $uri, $url); - goaway($url); + System::externalRedirect($url); // NOTREACHED // END $network != Protocol::PHANTOM } else { diff --git a/mod/display.php b/mod/display.php index 081c3ce6c..38cdfe41d 100644 --- a/mod/display.php +++ b/mod/display.php @@ -79,7 +79,7 @@ function display_init(App $a) } if (ActivityPub::isRequest()) { - goaway(str_replace('display/', 'objects/', $a->query_string)); + $a->internalRedirect(str_replace('display/', 'objects/', $a->query_string)); } if ($item["id"] != $item["parent"]) { diff --git a/mod/events.php b/mod/events.php index d6ad97eac..7cdeb85f7 100644 --- a/mod/events.php +++ b/mod/events.php @@ -100,7 +100,7 @@ function events_post(App $a) $type = 'event'; $action = ($event_id == '') ? 'new' : "event/" . $event_id; - $onerror_url = System::baseUrl() . "/events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish"; + $onerror_path = "events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish"; if (strcmp($finish, $start) < 0 && !$nofinish) { notice(L10n::t('Event can not end before it has started.') . EOL); @@ -108,7 +108,7 @@ function events_post(App $a) echo L10n::t('Event can not end before it has started.'); killme(); } - goaway($onerror_url); + $a->internalRedirect($onerror_path); } if (!$summary || ($start === NULL_DATE)) { @@ -117,7 +117,7 @@ function events_post(App $a) echo L10n::t('Event title and start time are required.'); killme(); } - goaway($onerror_url); + $a->internalRedirect($onerror_path); } $share = intval(defaults($_POST, 'share', 0)); @@ -187,7 +187,7 @@ function events_post(App $a) Worker::add(PRIORITY_HIGH, "Notifier", "event", $item_id); } - goaway('/events'); + $a->internalRedirect('events'); } function events_content(App $a) @@ -198,7 +198,7 @@ function events_content(App $a) } if ($a->argc == 1) { - $_SESSION['return_url'] = System::baseUrl() . '/' . $a->cmd; + $_SESSION['return_path'] = $a->cmd; } if (($a->argc > 2) && ($a->argv[1] === 'ignore') && intval($a->argv[2])) { @@ -577,6 +577,6 @@ function events_content(App $a) info(L10n::t('Event removed') . EOL); } - goaway(System::baseUrl() . '/events'); + $a->internalRedirect('events'); } } diff --git a/mod/filerm.php b/mod/filerm.php index 7fb978ae6..733d67b59 100644 --- a/mod/filerm.php +++ b/mod/filerm.php @@ -25,7 +25,7 @@ function filerm_content(App $a) { file_tag_unsave_file(local_user(),$item_id,$term, $category); } - //goaway('/network'); + //$a->internalRedirect('network'); killme(); } diff --git a/mod/follow.php b/mod/follow.php index 70dfb627e..adc3fcc3b 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -20,12 +20,12 @@ function follow_post(App $a) } if (isset($_REQUEST['cancel'])) { - goaway('contacts'); + $a->internalRedirect('contacts'); } $uid = local_user(); $url = notags(trim($_REQUEST['url'])); - $return_url = 'contacts'; + $return_path = 'contacts'; // Makes the connection request for friendica contacts easier // This is just a precaution if maybe this page is called somewhere directly via POST @@ -37,24 +37,24 @@ function follow_post(App $a) if ($result['message']) { notice($result['message']); } - goaway($return_url); + $a->internalRedirect($return_path); } elseif ($result['cid']) { - goaway('contact/' . $result['cid']); + $a->internalRedirect('contact/' . $result['cid']); } info(L10n::t('The contact could not be added.')); - goaway($return_url); + $a->internalRedirect($return_path); // NOTREACHED } function follow_content(App $a) { - $return_url = 'contacts'; + $return_path = 'contacts'; if (!local_user()) { notice(L10n::t('Permission denied.')); - goaway($return_url); + $a->internalRedirect($return_path); // NOTREACHED } @@ -74,7 +74,7 @@ function follow_content(App $a) if ($r[0]['pending']) { notice(L10n::t('You already added this contact.')); $submit = ''; - //goaway($_SESSION['return_url']); + //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } } @@ -84,21 +84,21 @@ function follow_content(App $a) if (($ret['network'] == Protocol::DIASPORA) && !Config::get('system', 'diaspora_enabled')) { notice(L10n::t("Diaspora support isn't enabled. Contact can't be added.")); $submit = ''; - //goaway($_SESSION['return_url']); + //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } if (($ret['network'] == Protocol::OSTATUS) && Config::get('system', 'ostatus_disabled')) { notice(L10n::t("OStatus support is disabled. Contact can't be added.")); $submit = ''; - //goaway($_SESSION['return_url']); + //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } if ($ret['network'] == Protocol::PHANTOM) { notice(L10n::t("The network type couldn't be detected. Contact can't be added.")); $submit = ''; - //goaway($_SESSION['return_url']); + //$a->internalRedirect($_SESSION['return_path']); // NOTREACHED } @@ -118,7 +118,7 @@ function follow_content(App $a) if (!$r) { notice(L10n::t('Permission denied.')); - goaway($return_url); + $a->internalRedirect($return_path); // NOTREACHED } diff --git a/mod/group.php b/mod/group.php index 129cf18c2..404448ebb 100644 --- a/mod/group.php +++ b/mod/group.php @@ -38,12 +38,12 @@ function group_post(App $a) { info(L10n::t('Group created.') . EOL); $r = Model\Group::getIdByName(local_user(), $name); if ($r) { - goaway(System::baseUrl() . '/group/' . $r); + $a->internalRedirect('group/' . $r); } } else { notice(L10n::t('Could not create group.') . EOL); } - goaway(System::baseUrl() . '/group'); + $a->internalRedirect('group'); return; // NOTREACHED } @@ -56,7 +56,7 @@ function group_post(App $a) { ); if (!DBA::isResult($r)) { notice(L10n::t('Group not found.') . EOL); - goaway(System::baseUrl() . '/contact'); + $a->internalRedirect('contact'); return; // NOTREACHED } $group = $r[0]; @@ -88,7 +88,7 @@ function group_content(App $a) { // With no group number provided we jump to the unassigned contacts as a starting point if ($a->argc == 1) { - goaway('group/none'); + $a->internalRedirect('group/none'); } // Switch to text mode interface if we have more than 'n' contacts or group members @@ -159,7 +159,7 @@ function group_content(App $a) { notice(L10n::t('Unable to remove group.') . EOL); } } - goaway(System::baseUrl() . '/group'); + $a->internalRedirect('group'); // NOTREACHED } @@ -183,7 +183,7 @@ function group_content(App $a) { if (!DBA::isResult($r)) { notice(L10n::t('Group not found.') . EOL); - goaway(System::baseUrl() . '/contact'); + $a->internalRedirect('contact'); } $group = $r[0]; diff --git a/mod/home.php b/mod/home.php index 33d736a4e..bf5b5d27f 100644 --- a/mod/home.php +++ b/mod/home.php @@ -16,11 +16,11 @@ function home_init(App $a) { Addon::callHooks('home_init',$ret); if (local_user() && ($a->user['nickname'])) { - goaway(System::baseUrl()."/network"); + $a->internalRedirect('network'); } if (strlen(Config::get('system','singleuser'))) { - goaway(System::baseUrl()."/profile/" . Config::get('system','singleuser')); + $a->internalRedirect('profile/' . Config::get('system','singleuser')); } }} diff --git a/mod/ignored.php b/mod/ignored.php index 8502874ce..4f14119fe 100644 --- a/mod/ignored.php +++ b/mod/ignored.php @@ -43,7 +43,7 @@ function ignored_init(App $a) $rand = "?$rand"; } - goaway(System::baseUrl() . "/" . $return_path . $rand); + $a->internalRedirect($return_path . $rand); } // the json doesn't really matter, it will either be 0 or 1 diff --git a/mod/item.php b/mod/item.php index 5d4a23caa..cd64b70f8 100644 --- a/mod/item.php +++ b/mod/item.php @@ -115,7 +115,7 @@ function item_post(App $a) { if (!DBA::isResult($parent_item)) { notice(L10n::t('Unable to locate original post.') . EOL); if (!empty($_REQUEST['return'])) { - goaway($return_path); + $a->internalRedirect($return_path); } killme(); } @@ -165,7 +165,7 @@ function item_post(App $a) { notice(L10n::t('Permission denied.') . EOL) ; if (!empty($_REQUEST['return'])) { - goaway($return_path); + $a->internalRedirect($return_path); } killme(); @@ -283,7 +283,7 @@ function item_post(App $a) { } info(L10n::t('Empty post discarded.') . EOL); if (!empty($_REQUEST['return'])) { - goaway($return_path); + $a->internalRedirect($return_path); } killme(); } @@ -678,7 +678,7 @@ function item_post(App $a) { if (!empty($datarray['cancel'])) { logger('mod_item: post cancelled by addon.'); if ($return_path) { - goaway($return_path); + $a->internalRedirect($return_path); } $json = ['cancel' => 1]; @@ -714,7 +714,7 @@ function item_post(App $a) { if (!empty($_REQUEST['return']) && strlen($return_path)) { logger('return: ' . $return_path); - goaway($return_path); + $a->internalRedirect($return_path); } killme(); } else { @@ -729,14 +729,14 @@ function item_post(App $a) { if (!$post_id) { logger("Item wasn't stored."); - goaway($return_path); + $a->internalRedirect($return_path); } $datarray = Item::selectFirst(Item::ITEM_FIELDLIST, ['id' => $post_id]); if (!DBA::isResult($datarray)) { logger("Item with id ".$post_id." couldn't be fetched."); - goaway($return_path); + $a->internalRedirect($return_path); } // update filetags in pconfig @@ -844,13 +844,14 @@ function item_post(App $a) { function item_post_return($baseurl, $api_source, $return_path) { // figure out how to return, depending on from whence we came + $a = get_app(); if ($api_source) { return; } if ($return_path) { - goaway($return_path); + $a->internalRedirect($return_path); } $json = ['success' => 1]; diff --git a/mod/like.php b/mod/like.php index 08e3febbb..296e563bf 100644 --- a/mod/like.php +++ b/mod/like.php @@ -28,7 +28,7 @@ function like_content(App $a) { // See if we've been passed a return path to redirect to $return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : ''); - like_content_return(System::baseUrl(), $return_path); + like_content_return($a, $return_path); killme(); // NOTREACHED } @@ -36,7 +36,7 @@ function like_content(App $a) { // Decide how to return. If we were called with a 'return' argument, // then redirect back to the calling page. If not, just quietly end -function like_content_return($baseurl, $return_path) { +function like_content_return(App $a, $return_path) { if ($return_path) { $rand = '_=' . time(); if (strpos($return_path, '?')) { @@ -45,7 +45,7 @@ function like_content_return($baseurl, $return_path) { $rand = "?$rand"; } - goaway($baseurl . "/" . $return_path . $rand); + $a->internalRedirect($return_path . $rand); } killme(); diff --git a/mod/lostpass.php b/mod/lostpass.php index 166da25fc..9cde1c9ff 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -19,14 +19,14 @@ function lostpass_post(App $a) { $loginame = notags(trim($_POST['login-name'])); if (!$loginame) { - goaway(System::baseUrl()); + $a->internalRedirect(); } $condition = ['(`email` = ? OR `nickname` = ?) AND `verified` = 1 AND `blocked` = 0', $loginame, $loginame]; $user = DBA::selectFirst('user', ['uid', 'username', 'email', 'language'], $condition); if (!DBA::isResult($user)) { notice(L10n::t('No valid account found.') . EOL); - goaway(System::baseUrl()); + $a->internalRedirect(); } $pwdreset_token = autoname(12) . mt_rand(1000, 9999); @@ -78,7 +78,7 @@ function lostpass_post(App $a) 'body' => $body ]); - goaway(System::baseUrl()); + $a->internalRedirect(); } function lostpass_content(App $a) diff --git a/mod/manage.php b/mod/manage.php index d38d90ce6..b98fcac6f 100644 --- a/mod/manage.php +++ b/mod/manage.php @@ -99,7 +99,7 @@ function manage_post(App $a) { unset($_SESSION['theme']); unset($_SESSION['mobile-theme']); unset($_SESSION['page_flags']); - unset($_SESSION['return_url']); + unset($_SESSION['return_path']); if (x($_SESSION, 'submanage')) { unset($_SESSION['submanage']); } @@ -119,7 +119,7 @@ function manage_post(App $a) { $ret = []; Addon::callHooks('home_init',$ret); - goaway( System::baseUrl() . "/profile/" . $a->user['nickname'] ); + $a->internalRedirect('profile/' . $a->user['nickname'] ); // NOTREACHED } diff --git a/mod/match.php b/mod/match.php index 7e805d5ba..b29961994 100644 --- a/mod/match.php +++ b/mod/match.php @@ -35,7 +35,7 @@ function match_content(App $a) $a->page['aside'] .= Widget::findPeople(); $a->page['aside'] .= Widget::follow(); - $_SESSION['return_url'] = System::baseUrl() . '/' . $a->cmd; + $_SESSION['return_path'] = $a->cmd; $r = q( "SELECT `pub_keywords`, `prv_keywords` FROM `profile` WHERE `is-default` = 1 AND `uid` = %d LIMIT 1", diff --git a/mod/message.php b/mod/message.php index f9c5c29ec..8a04f9abe 100644 --- a/mod/message.php +++ b/mod/message.php @@ -87,7 +87,7 @@ function message_post(App $a) $a->argc = 2; $a->argv[1] = 'new'; } else { - goaway($a->cmd . '/' . $ret); + $a->internalRedirect($a->cmd . '/' . $ret); } } @@ -155,7 +155,7 @@ function message_content(App $a) // Now check how the user responded to the confirmation query if (!empty($_REQUEST['canceled'])) { - goaway('/message'); + $a->internalRedirect('message'); } $cmd = $a->argv[1]; @@ -163,7 +163,7 @@ function message_content(App $a) $message = DBA::selectFirst('mail', ['convid'], ['id' => $a->argv[2], 'uid' => local_user()]); if(!DBA::isResult($message)){ info(L10n::t('Conversation not found.') . EOL); - goaway('/message'); + $a->internalRedirect('message'); } if (DBA::delete('mail', ['id' => $a->argv[2], 'uid' => local_user()])) { @@ -173,10 +173,10 @@ function message_content(App $a) $conversation = DBA::selectFirst('mail', ['id'], ['convid' => $message['convid'], 'uid' => local_user()]); if(!DBA::isResult($conversation)){ info(L10n::t('Conversation removed.') . EOL); - goaway('/message'); + $a->internalRedirect('message'); } - goaway('/message/' . $conversation['id'] ); + $a->internalRedirect('message/' . $conversation['id'] ); } else { $r = q("SELECT `parent-uri`,`convid` FROM `mail` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[2]), @@ -190,7 +190,7 @@ function message_content(App $a) info(L10n::t('Conversation removed.') . EOL); } } - goaway('/message' ); + $a->internalRedirect('message'); } } @@ -265,7 +265,7 @@ function message_content(App $a) } - $_SESSION['return_url'] = $a->query_string; + $_SESSION['return_path'] = $a->query_string; if ($a->argc == 1) { diff --git a/mod/network.php b/mod/network.php index fb0093849..b697cb3a6 100644 --- a/mod/network.php +++ b/mod/network.php @@ -38,7 +38,7 @@ function network_init(App $a) $search = (x($_GET, 'search') ? escape_tags($_GET['search']) : ''); if (($search != '') && !empty($_GET['submit'])) { - goaway('search?search=' . urlencode($search)); + $a->internalRedirect('search?search=' . urlencode($search)); } if (x($_GET, 'save')) { @@ -140,7 +140,7 @@ function network_init(App $a) $redir_url = ($net_queries ? $net_baseurl . '?' . $net_queries : $net_baseurl); - goaway(System::baseUrl() . $redir_url); + $a->internalRedirect($redir_url); } } @@ -618,7 +618,7 @@ function networkThreadedView(App $a, $update, $parent) killme(); } notice(L10n::t('No such group') . EOL); - goaway('network/0'); + $a->internalRedirect('network/0'); // NOTREACHED } @@ -672,7 +672,7 @@ function networkThreadedView(App $a, $update, $parent) } } else { notice(L10n::t('Invalid contact.') . EOL); - goaway('network'); + $a->internalRedirect('network'); // NOTREACHED } } diff --git a/mod/nogroup.php b/mod/nogroup.php index 18681d768..438c4ff44 100644 --- a/mod/nogroup.php +++ b/mod/nogroup.php @@ -24,5 +24,5 @@ function nogroup_content(App $a) return ''; } - goaway(System::baseUrl() . '/group/none'); + $a->internalRedirect('group/none'); } diff --git a/mod/notice.php b/mod/notice.php index 133fd22fc..b40f0ee69 100644 --- a/mod/notice.php +++ b/mod/notice.php @@ -15,8 +15,7 @@ function notice_init(App $a) $r = q("SELECT `user`.`nickname` FROM `user` LEFT JOIN `item` ON `item`.`uid` = `user`.`uid` WHERE `item`.`id` = %d", intval($id)); if (DBA::isResult($r)) { $nick = $r[0]['nickname']; - $url = System::baseUrl() . "/display/$nick/$id"; - goaway($url); + $a->internalRedirect('display/' . $nick . '/' . $id); } else { $a->error = 404; notice(L10n::t('Item not found.') . EOL); diff --git a/mod/notifications.php b/mod/notifications.php index 1885f9644..d5cfbf276 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -17,7 +17,7 @@ use Friendica\Module\Login; function notifications_post(App $a) { if (!local_user()) { - goaway(System::baseUrl()); + $a->internalRedirect(); } $request_id = (($a->argc > 1) ? $a->argv[1] : 0); @@ -52,12 +52,12 @@ function notifications_post(App $a) 'self' => false, 'blocked' => true, 'pending' => true]; DBA::delete('contact', $condition); } - goaway('notifications/intros'); + $a->internalRedirect('notifications/intros'); } if ($_POST['submit'] == L10n::t('Ignore')) { DBA::update('intro', ['ignore' => true], ['id' => $intro_id]); - goaway('notifications/intros'); + $a->internalRedirect('notifications/intros'); } } } diff --git a/mod/notify.php b/mod/notify.php index a277e5981..6ec36d8f9 100644 --- a/mod/notify.php +++ b/mod/notify.php @@ -37,10 +37,10 @@ function notify_init(App $a) } } - goaway($note['link']); + System::externalRedirect($note['link']); } - goaway(System::baseUrl(true)); + $a->internalRedirect(); } if ($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all') { diff --git a/mod/openid.php b/mod/openid.php index 41aabe7a9..93a07a4b4 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -14,7 +14,7 @@ function openid_content(App $a) { $noid = Config::get('system','no_openid'); if($noid) - goaway(System::baseUrl()); + $a->internalRedirect(); logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); @@ -28,7 +28,7 @@ function openid_content(App $a) { if(! strlen($authid)) { logger(L10n::t('OpenID protocol error. No ID returned.') . EOL); - goaway(System::baseUrl()); + $a->internalRedirect(); } // NOTE: we search both for normalised and non-normalised form of $authid @@ -56,7 +56,7 @@ function openid_content(App $a) { // just in case there was no return url set // and we fell through - goaway(System::baseUrl()); + $a->internalRedirect(); } // Successful OpenID login - but we can't match it to an existing account. @@ -64,7 +64,7 @@ function openid_content(App $a) { if (intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED) { notice(L10n::t('Account not found and OpenID registration is not permitted on this site.') . EOL); - goaway(System::baseUrl()); + $a->internalRedirect(); } unset($_SESSION['register']); @@ -108,12 +108,12 @@ function openid_content(App $a) { $args .= '&openid_url=' . urlencode(notags(trim($authid))); - goaway(System::baseUrl() . '/register?' . $args); + $a->internalRedirect('register?' . $args); // NOTREACHED } } notice(L10n::t('Login failed.') . EOL); - goaway(System::baseUrl()); + $a->internalRedirect(); // NOTREACHED } diff --git a/mod/ostatus_subscribe.php b/mod/ostatus_subscribe.php index 7012ecd4b..7fce9d0b6 100644 --- a/mod/ostatus_subscribe.php +++ b/mod/ostatus_subscribe.php @@ -15,7 +15,7 @@ function ostatus_subscribe_content(App $a) { if (! local_user()) { notice(L10n::t('Permission denied.') . EOL); - goaway('/ostatus_subscribe'); + $a->internalRedirect('ostatus_subscribe'); // NOTREACHED } diff --git a/mod/photos.php b/mod/photos.php index 55c8881e4..ef6428d7a 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -196,7 +196,7 @@ function photos_post(App $a) $album = hex2bin($a->argv[3]); if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) { - goaway($_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); return; // NOTREACHED } @@ -207,13 +207,13 @@ function photos_post(App $a) if (!DBA::isResult($r)) { notice(L10n::t('Album not found.') . EOL); - goaway($_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); return; // NOTREACHED } // Check if the user has responded to a delete confirmation query if (!empty($_REQUEST['canceled'])) { - goaway($_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); } // RENAME photo album @@ -227,8 +227,7 @@ function photos_post(App $a) // Update the photo albums cache Photo::clearAlbumCache($page_owner_uid); - $newurl = System::baseUrl() . '/photos/' . $a->user['nickname'] . '/album/' . bin2hex($newalbum); - goaway($newurl); + $a->internalRedirect('photos/' . $a->user['nickname'] . '/album/' . bin2hex($newalbum)); return; // NOTREACHED } @@ -281,7 +280,7 @@ function photos_post(App $a) $res[] = "'" . DBA::escape($rr['rid']) . "'" ; } } else { - goaway($_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); return; // NOTREACHED } @@ -299,14 +298,14 @@ function photos_post(App $a) Photo::clearAlbumCache($page_owner_uid); } - goaway('photos/' . $a->data['user']['nickname']); + $a->internalRedirect('photos/' . $a->data['user']['nickname']); return; // NOTREACHED } // Check if the user has responded to a delete confirmation query for a single photo if ($a->argc > 2 && !empty($_REQUEST['canceled'])) { - goaway($_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); } if ($a->argc > 2 && defaults($_POST, 'delete', '') === L10n::t('Delete Photo')) { @@ -356,7 +355,7 @@ function photos_post(App $a) Photo::clearAlbumCache($page_owner_uid); } - goaway('photos/' . $a->data['user']['nickname']); + $a->internalRedirect('photos/' . $a->data['user']['nickname']); return; // NOTREACHED } @@ -697,7 +696,7 @@ function photos_post(App $a) } } } - goaway($_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); return; // NOTREACHED } @@ -928,7 +927,7 @@ function photos_post(App $a) // addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook // if they do not wish to be redirected - goaway($_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); // NOTREACHED } @@ -1470,7 +1469,7 @@ function photos_content(App $a) if (count($linked_items)) { $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = get_markup_template('photo_item.tpl'); - $return_url = $a->cmd; + $return_path = $a->cmd; if ($can_post || Security::canWriteToUserWall($owner_uid)) { $like_tpl = get_markup_template('like_noshare.tpl'); @@ -1487,7 +1486,7 @@ function photos_content(App $a) if (($can_post || Security::canWriteToUserWall($owner_uid))) { $comments .= replace_macros($cmnt_tpl, [ '$return_path' => '', - '$jsreload' => $return_url, + '$jsreload' => $return_path, '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, @@ -1526,7 +1525,7 @@ function photos_content(App $a) if (($can_post || Security::canWriteToUserWall($owner_uid))) { $comments .= replace_macros($cmnt_tpl,[ '$return_path' => '', - '$jsreload' => $return_url, + '$jsreload' => $return_path, '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, @@ -1586,7 +1585,7 @@ function photos_content(App $a) if (($can_post || Security::canWriteToUserWall($owner_uid))) { $comments .= replace_macros($cmnt_tpl, [ '$return_path' => '', - '$jsreload' => $return_url, + '$jsreload' => $return_path, '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => $owner_uid, diff --git a/mod/profile.php b/mod/profile.php index 8d5ae8758..6f0ab9e07 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -34,7 +34,7 @@ function profile_init(App $a) } else { $r = q("SELECT `nickname` FROM `user` WHERE `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 ORDER BY RAND() LIMIT 1"); if (DBA::isResult($r)) { - goaway(System::baseUrl() . '/profile/' . $r[0]['nickname']); + $a->internalRedirect('profile/' . $r[0]['nickname']); } else { logger('profile error: mod_profile ' . $a->query_string, LOGGER_DEBUG); notice(L10n::t('Requested profile is not available.') . EOL); diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 5fdff41e8..19188ba23 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -74,7 +74,7 @@ function profile_photo_post(App $a) $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = %d LIMIT 1", DBA::escape($image_id), DBA::escape(local_user()), intval($scale)); - $url = System::baseUrl() . '/profile/' . $a->user['nickname']; + $path = 'profile/' . $a->user['nickname']; if (DBA::isResult($r)) { $base_image = $r[0]; @@ -125,8 +125,8 @@ function profile_photo_post(App $a) info(L10n::t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL); // Update global directory in background - if ($url && strlen(Config::get('system', 'directory'))) { - Worker::add(PRIORITY_LOW, "Directory", $url); + if ($path && strlen(Config::get('system', 'directory'))) { + Worker::add(PRIORITY_LOW, "Directory", $a->getBaseURL() . '/' . $path); } Worker::add(PRIORITY_LOW, 'ProfileUpdate', local_user()); @@ -135,7 +135,7 @@ function profile_photo_post(App $a) } } - goaway($url); + $a->internalRedirect($path); return; // NOTREACHED } @@ -168,7 +168,7 @@ function profile_photo_post(App $a) @unlink($src); $imagecrop = profile_photo_crop_ui_head($a, $ph); - goaway(System::baseUrl() . '/profile_photo/use/' . $imagecrop['hash']); + $a->internalRedirect('profile_photo/use/' . $imagecrop['hash']); } function profile_photo_content(App $a) @@ -225,7 +225,7 @@ function profile_photo_content(App $a) Worker::add(PRIORITY_LOW, "Directory", $url); } - goaway(System::baseUrl() . '/profile/' . $a->user['nickname']); + $a->internalRedirect('profile/' . $a->user['nickname']); return; // NOTREACHED } $ph = new Image($r[0]['data'], $r[0]['type']); diff --git a/mod/profiles.php b/mod/profiles.php index 22f192b4c..734b5f19e 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -38,7 +38,7 @@ function profiles_init(App $a) { ); if (! DBA::isResult($r)) { notice(L10n::t('Profile not found.') . EOL); - goaway('profiles'); + $a->internalRedirect('profiles'); return; // NOTREACHED } @@ -59,7 +59,7 @@ function profiles_init(App $a) { info(L10n::t('Profile deleted.').EOL); } - goaway('profiles'); + $a->internalRedirect('profiles'); return; // NOTREACHED } @@ -93,10 +93,10 @@ function profiles_init(App $a) { info(L10n::t('New profile created.') . EOL); if (DBA::isResult($r3) && count($r3) == 1) { - goaway('profiles/' . $r3[0]['id']); + $a->internalRedirect('profiles/' . $r3[0]['id']); } - goaway('profiles'); + $a->internalRedirect('profiles'); } if (($a->argc > 2) && ($a->argv[1] === 'clone')) { @@ -132,10 +132,10 @@ function profiles_init(App $a) { ); info(L10n::t('New profile created.') . EOL); if ((DBA::isResult($r3)) && (count($r3) == 1)) { - goaway('profiles/'.$r3[0]['id']); + $a->internalRedirect('profiles/'.$r3[0]['id']); } - goaway('profiles'); + $a->internalRedirect('profiles'); return; // NOTREACHED } @@ -654,7 +654,7 @@ function profiles_content(App $a) { ); if (DBA::isResult($r)) { //Go to the default profile. - goaway('profiles/' . $r[0]['id']); + $a->internalRedirect('profiles/' . $r[0]['id']); } } diff --git a/mod/randprof.php b/mod/randprof.php index 18bcb236f..055b3dcbe 100644 --- a/mod/randprof.php +++ b/mod/randprof.php @@ -13,8 +13,14 @@ function randprof_init(App $a) $x = GContact::getRandomUrl(); if ($x) { - goaway(Contact::magicLink($x)); + $link = Contact::magicLink($x); + // @TODO making the return of magicLink save to use either externalRedirect or internalRedirect + if (filter_var($link, FILTER_VALIDATE_URL)) { + System::externalRedirect($link); + } else { + $a->internalRedirect($link); + } } - goaway(System::baseUrl() . '/profile'); + $a->internalRedirect('profile'); } diff --git a/mod/redir.php b/mod/redir.php index e989ad015..ad42bc8ab 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -27,7 +27,7 @@ function redir_init(App $a) { $contact = DBA::selectFirst('contact', $fields, ['id' => $cid, 'uid' => [0, local_user()]]); if (!DBA::isResult($contact)) { notice(L10n::t('Contact not found.')); - goaway(System::baseUrl()); + $a->internalRedirect(); } $contact_url = $contact['url']; @@ -36,7 +36,7 @@ function redir_init(App $a) { || (!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate. || (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated. { - goaway($url != '' ? $url : $contact_url); + System::externalRedirect(defaults($url, $contact_url)); } if ($contact['uid'] == 0 && local_user()) { @@ -50,14 +50,14 @@ function redir_init(App $a) { if (!empty($a->contact['id']) && $a->contact['id'] == $cid) { // Local user is already authenticated. - $target_url = $url != '' ? $url : $contact_url; + $target_url = defaults($url, $contact_url); logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG); - goaway($target_url); + System::externalRedirect($target_url); } } if (remote_user()) { - $host = substr(System::baseUrl() . ($a->getURLPath() ? '/' . $a->getURLPath() : ''), strpos(System::baseUrl(), '://') + 3); + $host = substr($a->getBaseURL() . ($a->getURLPath() ? '/' . $a->getURLPath() : ''), strpos($a->getBaseURL(), '://') + 3); $remotehost = substr($contact['addr'], strpos($contact['addr'], '@') + 1); // On a local instance we have to check if the local user has already authenticated @@ -71,9 +71,9 @@ function redir_init(App $a) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $_SESSION['visitor_visiting'] && $v['cid'] == $_SESSION['visitor_id']) { // Remote user is already authenticated. - $target_url = $url != '' ? $url : $contact_url; + $target_url = defaults($url, $contact_url); logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG); - goaway($target_url); + System::externalRedirect($target_url); } } } @@ -102,11 +102,11 @@ function redir_init(App $a) { $dest = (!empty($url) ? '&destination_url=' . $url : ''); - goaway($contact['poll'] . '?dfrn_id=' . $dfrn_id + System::externalRedirect($contact['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest . $quiet); } - $url = $url != '' ? $url : $contact_url; + $url = defaults($url, $contact_url); } // If we don't have a connected contact, redirect with @@ -121,9 +121,9 @@ function redir_init(App $a) { } logger('redirecting to ' . $url, LOGGER_DEBUG); - goaway($url); + System::externalRedirect($url); } notice(L10n::t('Contact not found.')); - goaway(System::baseUrl()); + $a->internalRedirect(); } diff --git a/mod/register.php b/mod/register.php index 7ee0f0d8f..0a139ad75 100644 --- a/mod/register.php +++ b/mod/register.php @@ -100,7 +100,7 @@ function register_post(App $a) if ($res) { info(L10n::t('Registration successful. Please check your email for further instructions.') . EOL); - goaway(); + $a->internalRedirect(); } else { notice( L10n::t('Failed to send email message. Here your accout details:
login: %s
password: %s

You can change your password after login.', @@ -111,12 +111,12 @@ function register_post(App $a) } } else { info(L10n::t('Registration successful.') . EOL); - goaway(); + $a->internalRedirect(); } } elseif (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE) { if (!strlen(Config::get('config', 'admin_email'))) { notice(L10n::t('Your registration can not be processed.') . EOL); - goaway(); + $a->internalRedirect(); } Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']); @@ -159,7 +159,7 @@ function register_post(App $a) ); info(L10n::t('Your registration is pending approval by the site owner.') . EOL); - goaway(); + $a->internalRedirect(); } return; diff --git a/mod/regmod.php b/mod/regmod.php index 3f6f0e04e..a7aebf6b0 100644 --- a/mod/regmod.php +++ b/mod/regmod.php @@ -101,11 +101,11 @@ function regmod_content(App $a) if ($cmd === 'deny') { user_deny($hash); - goaway('admin/users/'); + $a->internalRedirect('admin/users/'); } if ($cmd === 'allow') { user_allow($hash); - goaway('admin/users/'); + $a->internalRedirect('admin/users/'); } } diff --git a/mod/removeme.php b/mod/removeme.php index b386ec12f..86d46a177 100644 --- a/mod/removeme.php +++ b/mod/removeme.php @@ -64,7 +64,7 @@ function removeme_post(App $a) function removeme_content(App $a) { if (!local_user()) { - goaway(System::baseUrl()); + $a->internalRedirect(); } $hash = random_string(); @@ -76,7 +76,7 @@ function removeme_content(App $a) $tpl = get_markup_template('removeme.tpl'); $o = replace_macros($tpl, [ - '$basedir' => System::baseUrl(), + '$basedir' => $a->getBaseURL(), '$hash' => $hash, '$title' => L10n::t('Remove My Account'), '$desc' => L10n::t('This will completely remove your account. Once this has been done it is not recoverable.'), diff --git a/mod/repair_ostatus.php b/mod/repair_ostatus.php index 449922081..3a3ce4206 100644 --- a/mod/repair_ostatus.php +++ b/mod/repair_ostatus.php @@ -14,7 +14,7 @@ function repair_ostatus_content(App $a) { if (! local_user()) { notice(L10n::t('Permission denied.') . EOL); - goaway('/ostatus_repair'); + $a->internalRedirect('ostatus_repair'); // NOTREACHED } diff --git a/mod/settings.php b/mod/settings.php index cb8882399..970c5b7ee 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -160,7 +160,7 @@ function settings_post(App $a) $key = $_POST['remove']; DBA::delete('tokens', ['id' => $key, 'uid' => local_user()]); - goaway(System::baseUrl(true)."/settings/oauth/"); + $a->internalRedirect('settings/oauth/', true); return; } @@ -206,7 +206,7 @@ function settings_post(App $a) ); } } - goaway(System::baseUrl(true)."/settings/oauth/"); + $a->internalRedirect('settings/oauth/', true); return; } @@ -371,7 +371,7 @@ function settings_post(App $a) ); Addon::callHooks('display_settings_post', $_POST); - goaway('settings/display'); + $a->internalRedirect('settings/display'); return; // NOTREACHED } @@ -380,7 +380,7 @@ function settings_post(App $a) if (x($_POST,'resend_relocate')) { Worker::add(PRIORITY_HIGH, 'Notifier', 'relocate', local_user()); info(L10n::t("Relocate message has been send to your contacts")); - goaway('settings'); + $a->internalRedirect('settings'); } Addon::callHooks('settings_post', $_POST); @@ -649,7 +649,7 @@ function settings_post(App $a) // Update the global contact for the user GContact::updateForUser(local_user()); - goaway('settings'); + $a->internalRedirect('settings'); return; // NOTREACHED } @@ -716,7 +716,7 @@ function settings_content(App $a) BaseModule::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth', 't'); DBA::delete('clients', ['client_id' => $a->argv[3], 'uid' => local_user()]); - goaway(System::baseUrl(true)."/settings/oauth/"); + $a->internalRedirect('settings/oauth/', true); return; } @@ -732,7 +732,7 @@ function settings_content(App $a) $tpl = get_markup_template('settings/oauth.tpl'); $o .= replace_macros($tpl, [ '$form_security_token' => BaseModule::getFormSecurityToken("settings_oauth"), - '$baseurl' => System::baseUrl(true), + '$baseurl' => $a->getBaseURL(true), '$title' => L10n::t('Connected Apps'), '$add' => L10n::t('Add application'), '$edit' => L10n::t('Edit'), @@ -795,7 +795,7 @@ function settings_content(App $a) $legacy_contact = PConfig::get(local_user(), 'ostatus', 'legacy_contact'); if (x($legacy_contact)) { - /// @todo Isn't it supposed to be a goaway() call? + /// @todo Isn't it supposed to be a $a->internalRedirect() call? $a->page['htmlhead'] = ''; } diff --git a/mod/starred.php b/mod/starred.php index e75a09674..9b46b522b 100644 --- a/mod/starred.php +++ b/mod/starred.php @@ -42,7 +42,7 @@ function starred_init(App $a) { $rand = "?$rand"; } - goaway(System::baseUrl() . "/" . $return_path . $rand); + $a->internalRedirect($return_path . $rand); } // the json doesn't really matter, it will either be 0 or 1 diff --git a/mod/suggest.php b/mod/suggest.php index 81030842d..1e33cb660 100644 --- a/mod/suggest.php +++ b/mod/suggest.php @@ -62,7 +62,7 @@ function suggest_content(App $a) return; } - $_SESSION['return_url'] = System::baseUrl() . '/' . $a->cmd; + $_SESSION['return_path'] = $a->cmd; $a->page['aside'] .= Widget::findPeople(); $a->page['aside'] .= Widget::follow(); diff --git a/mod/tagrm.php b/mod/tagrm.php index db0b76579..105cc0b3d 100644 --- a/mod/tagrm.php +++ b/mod/tagrm.php @@ -13,11 +13,11 @@ use Friendica\Model\Item; function tagrm_post(App $a) { if (!local_user()) { - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); } if (x($_POST,'submit') && ($_POST['submit'] === L10n::t('Cancel'))) { - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); } $tag = (x($_POST,'tag') ? hex2bin(notags(trim($_POST['tag']))) : ''); @@ -25,7 +25,7 @@ function tagrm_post(App $a) $item = Item::selectFirst(['tag'], ['id' => $item_id, 'uid' => local_user()]); if (!DBA::isResult($item)) { - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); } $arr = explode(',', $item['tag']); @@ -41,7 +41,7 @@ function tagrm_post(App $a) Item::update(['tag' => $tag_str], ['id' => $item_id]); info(L10n::t('Tag removed') . EOL ); - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); // NOTREACHED } @@ -53,25 +53,25 @@ function tagrm_content(App $a) $o = ''; if (!local_user()) { - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); // NOTREACHED } $item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0); if (!$item_id) { - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); // NOTREACHED } $item = Item::selectFirst(['tag'], ['id' => $item_id, 'uid' => local_user()]); if (!DBA::isResult($item)) { - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); } $arr = explode(',', $item['tag']); if (!count($arr)) { - goaway(System::baseUrl() . '/' . $_SESSION['photo_return']); + $a->internalRedirect($_SESSION['photo_return']); } $o .= '

' . L10n::t('Remove Item Tag') . '

'; diff --git a/mod/toggle_mobile.php b/mod/toggle_mobile.php index 2449de4aa..ad77dd1cc 100644 --- a/mod/toggle_mobile.php +++ b/mod/toggle_mobile.php @@ -14,8 +14,8 @@ function toggle_mobile_init(App $a) { if (isset($_GET['address'])) { $address = $_GET['address']; } else { - $address = System::baseUrl(); + $address = ''; } - goaway($address); + $a->internalRedirect($address); } diff --git a/mod/unfollow.php b/mod/unfollow.php index 6a058608e..2a60322f0 100644 --- a/mod/unfollow.php +++ b/mod/unfollow.php @@ -12,13 +12,13 @@ use Friendica\Model\Contact; use Friendica\Model\Profile; use Friendica\Model\User; -function unfollow_post() +function unfollow_post(App $a) { - $return_url = 'contacts'; + $return_path = 'contacts'; if (!local_user()) { notice(L10n::t('Permission denied.')); - goaway('/login'); + $a->internalRedirect('login'); // NOTREACHED } @@ -32,17 +32,17 @@ function unfollow_post() if (!DBA::isResult($contact)) { notice(L10n::t("You aren't following this contact.")); - goaway($return_url); + $a->internalRedirect($return_path); // NOTREACHED } if (!empty($_REQUEST['cancel'])) { - goaway($return_url . '/' . $contact['id']); + $a->internalRedirect($return_path . '/' . $contact['id']); } if (!in_array($contact['network'], Protocol::NATIVE_SUPPORT)) { notice(L10n::t('Unfollowing is currently not supported by your network.')); - goaway($return_url . '/' . $contact['id']); + $a->internalRedirect($return_path . '/' . $contact['id']); // NOTREACHED } @@ -63,17 +63,17 @@ function unfollow_post() } info(L10n::t('Contact unfollowed')); - goaway($return_path); + $a->internalRedirect($return_path); // NOTREACHED } function unfollow_content(App $a) { - $return_url = 'contacts'; + $return_path = 'contacts'; if (!local_user()) { notice(L10n::t('Permission denied.')); - goaway('/login'); + $a->internalRedirect('login'); // NOTREACHED } @@ -88,13 +88,13 @@ function unfollow_content(App $a) if (!DBA::isResult($contact)) { notice(L10n::t("You aren't following this contact.")); - goaway($return_url); + $a->internalRedirect($return_path); // NOTREACHED } if (!in_array($contact['network'], Protocol::NATIVE_SUPPORT)) { notice(L10n::t('Unfollowing is currently not supported by your network.')); - goaway('contact/' . $contact['id']); + $a->internalRedirect('contact/' . $contact['id']); // NOTREACHED } @@ -105,7 +105,7 @@ function unfollow_content(App $a) if (!DBA::isResult($self)) { notice(L10n::t('Permission denied.')); - goaway($return_url); + $a->internalRedirect($return_path); // NOTREACHED } diff --git a/mod/videos.php b/mod/videos.php index b66a7cbcd..521201394 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -115,14 +115,14 @@ function videos_post(App $a) $owner_uid = $a->data['user']['uid']; if (local_user() != $owner_uid) { - goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']); + $a->internalRedirect('videos/' . $a->data['user']['nickname']); } if (($a->argc == 2) && !empty($_POST['delete']) && !empty($_POST['id'])) { // Check if we should do HTML-based delete confirmation if (empty($_REQUEST['confirm'])) { if (!empty($_REQUEST['canceled'])) { - goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']); + $a->internalRedirect('videos/' . $a->data['user']['nickname']); } $drop_url = $a->query_string; @@ -169,11 +169,11 @@ function videos_post(App $a) } } - goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']); + $a->internalRedirect('videos/' . $a->data['user']['nickname']); return; // NOTREACHED } - goaway(System::baseUrl() . '/videos/' . $a->data['user']['nickname']); + $a->internalRedirect('videos/' . $a->data['user']['nickname']); } function videos_content(App $a) diff --git a/mod/wallmessage.php b/mod/wallmessage.php index 5e08420ec..dcec6ef9c 100644 --- a/mod/wallmessage.php +++ b/mod/wallmessage.php @@ -69,7 +69,7 @@ function wallmessage_post(App $a) { info(L10n::t('Message sent.') . EOL); } - goaway('profile/'.$user['nickname']); + $a->internalRedirect('profile/'.$user['nickname']); } diff --git a/src/App.php b/src/App.php index 5a29d55ed..37d4ad623 100644 --- a/src/App.php +++ b/src/App.php @@ -1747,35 +1747,35 @@ class App if (strlen($this->module)) { // Compatibility with the Android Diaspora client if ($this->module == 'stream') { - goaway('network?f=&order=post'); + $this->internalRedirect('network?f=&order=post'); } if ($this->module == 'conversations') { - goaway('message'); + $this->internalRedirect('message'); } if ($this->module == 'commented') { - goaway('network?f=&order=comment'); + $this->internalRedirect('network?f=&order=comment'); } if ($this->module == 'liked') { - goaway('network?f=&order=comment'); + $this->internalRedirect('network?f=&order=comment'); } if ($this->module == 'activity') { - goaway('network/?f=&conv=1'); + $this->internalRedirect('network/?f=&conv=1'); } if (($this->module == 'status_messages') && ($this->cmd == 'status_messages/new')) { - goaway('bookmarklet'); + $this->internalRedirect('bookmarklet'); } if (($this->module == 'user') && ($this->cmd == 'user/edit')) { - goaway('settings'); + $this->internalRedirect('settings'); } if (($this->module == 'tag_followings') && ($this->cmd == 'tag_followings/manage')) { - goaway('search'); + $this->internalRedirect('search'); } // Compatibility with the Firefox App @@ -1830,7 +1830,7 @@ class App if (!empty($_SERVER['QUERY_STRING']) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) { logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']); - goaway($this->getBaseURL() . $_SERVER['REQUEST_URI']); + $this->internalRedirect($_SERVER['REQUEST_URI']); } logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG); @@ -1999,4 +1999,23 @@ class App /// @TODO Looks unsafe (remote-inclusion), is maybe not but Core\Theme::getPathForFile() uses file_exists() but does not escape anything require_once $template; } + + /** + * Redirects to another module relative to the current Friendica base. + * If you want to redirect to a external URL, use System::externalRedirectTo() + * + * @param string $toUrl The destination URL (Default is empty, which is the default page of the Friendica node) + * @param bool $ssl if true, base URL will try to get called with https:// (works just for relative paths) + * + * @throws InternalServerErrorException In Case the given URL is not relative to the Friendica node + */ + public function internalRedirect($toUrl = '', $ssl = false) + { + if (filter_var($toUrl, FILTER_VALIDATE_URL)) { + throw new InternalServerErrorException('URL is not a relative path, please use System::externalRedirectTo'); + } + + $redirectTo = $this->getBaseURL($ssl) . '/' . ltrim($toUrl, '/'); + System::externalRedirect($redirectTo); + } } diff --git a/src/BaseModule.php b/src/BaseModule.php index e77b1a149..522f0b783 100644 --- a/src/BaseModule.php +++ b/src/BaseModule.php @@ -60,7 +60,8 @@ abstract class BaseModule extends BaseObject */ public static function post() { - // goaway('module'); + // $a = self::getApp(); + // $a->internalRedirect('module'); } /** @@ -138,7 +139,7 @@ abstract class BaseModule extends BaseObject logger('checkFormSecurityToken failed: user ' . $a->user['guid'] . ' - form element ' . $typename); logger('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); notice(self::getFormSecurityStandardErrorMessage()); - goaway(System::baseUrl() . $err_redirect); + $a->internalRedirect($err_redirect); } } diff --git a/src/Core/Authentication.php b/src/Core/Authentication.php index 3a4471d2a..76d078341 100644 --- a/src/Core/Authentication.php +++ b/src/Core/Authentication.php @@ -82,7 +82,7 @@ class Authentication extends BaseObject if ($interactive) { if ($a->user['login_date'] <= NULL_DATE) { - $_SESSION['return_url'] = 'profile_photo/new'; + $_SESSION['return_path'] = 'profile_photo/new'; $a->module = 'profile_photo'; info(L10n::t("Welcome ") . $a->user['username'] . EOL); info(L10n::t('Please upload a profile photo.') . EOL); @@ -193,8 +193,8 @@ class Authentication extends BaseObject if ($login_initial) { Addon::callHooks('logged_in', $a->user); - if (($a->module !== 'home') && isset($_SESSION['return_url'])) { - goaway($a->getbaseUrl() . '/' . $_SESSION['return_url']); + if (($a->module !== 'home') && isset($_SESSION['return_path'])) { + $a->internalRedirect($_SESSION['return_path']); } } } diff --git a/src/Core/System.php b/src/Core/System.php index b2c17750d..e071866ee 100644 --- a/src/Core/System.php +++ b/src/Core/System.php @@ -5,6 +5,7 @@ namespace Friendica\Core; use Friendica\BaseObject; +use Friendica\Network\HTTPException\InternalServerErrorException; use Friendica\Util\XML; /** @@ -236,10 +237,26 @@ class System extends BaseObject return max($load_arr[0], $load_arr[1]); } + /** + * Redirects to an external URL (fully qualified URL) + * If you want to route relative to the current Friendica base, use App->internalRedirect() + * + * @param string $url The new Location to redirect + * @throws InternalServerErrorException If the URL is not fully qualified + */ + public static function externalRedirect($url) + { + if (!filter_var($url, FILTER_VALIDATE_URL)) { + throw new InternalServerErrorException('URL is not a fully qualified URL, please use App->internalRedirect() instead'); + } + + header("Location: $url"); + exit(); + } + /// @todo Move the following functions from boot.php /* function killme() - function goaway($s) function local_user() function public_contact() function remote_user() diff --git a/src/Core/UserImport.php b/src/Core/UserImport.php index e62084049..54f3ec061 100644 --- a/src/Core/UserImport.php +++ b/src/Core/UserImport.php @@ -272,6 +272,6 @@ class UserImport Worker::add(PRIORITY_HIGH, 'Notifier', 'relocate', $newuid); info(L10n::t("Done. You can now login with your username and password")); - goaway(System::baseUrl() . "/login"); + $a->internalRedirect('login'); } } diff --git a/src/Model/Contact.php b/src/Model/Contact.php index 472875a80..1a5c97834 100644 --- a/src/Model/Contact.php +++ b/src/Model/Contact.php @@ -1639,7 +1639,7 @@ class Contact extends BaseObject $myaddr = bin2hex($a->user['nickname'] . '@' . $a->getHostName()); } - goaway($ret['request'] . "&addr=$myaddr"); + $a->internalRedirect($ret['request'] . "&addr=$myaddr"); // NOTREACHED } @@ -2024,8 +2024,10 @@ class Contact extends BaseObject /** * @brief Returns a magic link to authenticate remote visitors * + * @todo check if the return is either a fully qualified URL or a relative path to Friendica basedir + * * @param string $contact_url The address of the target contact profile - * @param integer $url An url that we will be redirected to after the authentication + * @param string $url An url that we will be redirected to after the authentication * * @return string with "redir" link */ @@ -2058,7 +2060,7 @@ class Contact extends BaseObject * @brief Returns a magic link to authenticate remote visitors * * @param array $contact The contact array with "uid", "network" and "url" - * @param integer $url An url that we will be redirected to after the authentication + * @param string $url An url that we will be redirected to after the authentication * * @return string with "redir" link */ diff --git a/src/Model/Profile.php b/src/Model/Profile.php index f6fb3167d..4de49022c 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -1047,7 +1047,7 @@ class Profile // Try to avoid recursion - but send them home to do a proper magic auth. $query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string); // The other instance needs to know where to redirect. - $dest = urlencode(System::baseUrl() . '/' . $query); + $dest = urlencode($a->getBaseURL() . '/' . $query); // We need to extract the basebath from the profile url // to redirect the visitors '/magic' module. @@ -1055,14 +1055,14 @@ class Profile $urlarr = explode('/profile/', $contact['url']); $basepath = $urlarr[0]; - if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) { + if ($basepath != $a->getBaseURL() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) { $magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest; // We have to check if the remote server does understand /magic without invoking something $serverret = Network::curl($basepath . '/magic'); if ($serverret->isSuccess()) { logger('Doing magic auth for visitor ' . $my_url . ' to ' . $magic_path, LOGGER_DEBUG); - goaway($magic_path); + System::externalRedirect($magic_path); } } } diff --git a/src/Model/User.php b/src/Model/User.php index bca3e73f5..27ed28fd4 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -450,7 +450,7 @@ class User } catch (Exception $e) { throw new Exception(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . L10n::t('The error message was:') . $e->getMessage(), 0, $e); } - goaway($authurl); + System::externalRedirect($authurl); // NOTREACHED } @@ -783,6 +783,8 @@ class User return; } + $a = get_app(); + logger('Removing user: ' . $uid); $user = DBA::selectFirst('user', [], ['uid' => $uid]); @@ -807,7 +809,7 @@ class User if ($uid == local_user()) { unset($_SESSION['authenticated']); unset($_SESSION['uid']); - goaway();; + $a->internalRedirect(); } } } diff --git a/src/Module/Acctlink.php b/src/Module/Acctlink.php index 29aa99140..692e90591 100644 --- a/src/Module/Acctlink.php +++ b/src/Module/Acctlink.php @@ -4,6 +4,7 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Network\Probe; +use Friendica\Core\System; /** * Redirects to another URL based on the parameter 'addr' @@ -18,7 +19,7 @@ class Acctlink extends BaseModule $url = defaults(Probe::uri(trim($addr)), 'url', false); if ($url) { - goaway($url); + System::externalRedirect($url); exit(); } } diff --git a/src/Module/Contact.php b/src/Module/Contact.php index 0eb912e00..271740a4f 100644 --- a/src/Module/Contact.php +++ b/src/Module/Contact.php @@ -66,9 +66,9 @@ class Contact extends BaseModule if (DBA::isResult($contact)) { if ($contact['self']) { if (($a->argc == 3) && intval($a->argv[1]) && in_array($a->argv[2], ['posts', 'conversations'])) { - goaway('profile/' . $contact['nick']); + $a->internalRedirect('profile/' . $contact['nick']); } else { - goaway('profile/' . $contact['nick'] . '?tab=profile'); + $a->internalRedirect('profile/' . $contact['nick'] . '?tab=profile'); } } @@ -168,7 +168,7 @@ class Contact extends BaseModule info(L10n::tt('%d contact edited.', '%d contacts edited.', $count_actions)); } - goaway('contact'); + $a->internalRedirect('contact'); } public static function post() @@ -191,7 +191,7 @@ class Contact extends BaseModule if (!DBA::exists('contact', ['id' => $contact_id, 'uid' => local_user()])) { notice(L10n::t('Could not access contact record.') . EOL); - goaway('contact'); + $a->internalRedirect('contact'); return; // NOTREACHED } @@ -374,19 +374,19 @@ class Contact extends BaseModule $orig_record = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => [0, local_user()], 'self' => false]); if (!DBA::isResult($orig_record)) { notice(L10n::t('Could not access contact record.') . EOL); - goaway('contact'); + $a->internalRedirect('contact'); return; // NOTREACHED } if ($cmd === 'update' && ($orig_record['uid'] != 0)) { self::updateContactFromPoll($contact_id); - goaway('contact/' . $contact_id); + $a->internalRedirect('contact/' . $contact_id); // NOTREACHED } if ($cmd === 'updateprofile' && ($orig_record['uid'] != 0)) { self::updateContactFromProbe($contact_id); - goaway('crepair/' . $contact_id); + $a->internalRedirect('crepair/' . $contact_id); // NOTREACHED } @@ -396,7 +396,7 @@ class Contact extends BaseModule $blocked = Model\Contact::isBlockedByUser($contact_id, local_user()); info(($blocked ? L10n::t('Contact has been blocked') : L10n::t('Contact has been unblocked')) . EOL); - goaway('contact/' . $contact_id); + $a->internalRedirect('contact/' . $contact_id); return; // NOTREACHED } @@ -406,7 +406,7 @@ class Contact extends BaseModule $ignored = Model\Contact::isIgnoredByUser($contact_id, local_user()); info(($ignored ? L10n::t('Contact has been ignored') : L10n::t('Contact has been unignored')) . EOL); - goaway('contact/' . $contact_id); + $a->internalRedirect('contact/' . $contact_id); return; // NOTREACHED } @@ -417,7 +417,7 @@ class Contact extends BaseModule info((($archived) ? L10n::t('Contact has been archived') : L10n::t('Contact has been unarchived')) . EOL); } - goaway('contact/' . $contact_id); + $a->internalRedirect('contact/' . $contact_id); return; // NOTREACHED } @@ -451,13 +451,13 @@ class Contact extends BaseModule } // Now check how the user responded to the confirmation query if (!empty($_REQUEST['canceled'])) { - goaway('contact'); + $a->internalRedirect('contact'); } self::dropContact($orig_record); info(L10n::t('Contact has been removed.') . EOL); - goaway('contact'); + $a->internalRedirect('contact'); return; // NOTREACHED } if ($cmd === 'posts') { @@ -468,7 +468,7 @@ class Contact extends BaseModule } } - $_SESSION['return_url'] = $a->query_string; + $_SESSION['return_path'] = $a->query_string; if (!empty($a->data['contact']) && is_array($a->data['contact'])) { $contact_id = $a->data['contact']['id']; diff --git a/src/Module/Login.php b/src/Module/Login.php index deb6afcfb..df918c44c 100644 --- a/src/Module/Login.php +++ b/src/Module/Login.php @@ -10,6 +10,7 @@ use Friendica\Core\Addon; use Friendica\Core\Authentication; use Friendica\Core\Config; use Friendica\Core\L10n; +use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Util\DateTimeFormat; @@ -39,17 +40,17 @@ class Login extends BaseModule } if (local_user()) { - goaway(self::getApp()->getBaseURL()); + $a->internalRedirect(); } - return self::form($_SESSION['return_url'], intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED); + return self::form($_SESSION['return_path'], intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED); } public static function post() { - $return_url = $_SESSION['return_url']; + $return_path = $_SESSION['return_path']; session_unset(); - $_SESSION['return_url'] = $return_url; + $_SESSION['return_path'] = $return_path; // OpenId Login if ( @@ -83,22 +84,23 @@ class Login extends BaseModule { $noid = Config::get('system', 'no_openid'); + $a = self::getApp(); + // if it's an email address or doesn't resolve to a URL, fail. if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) { notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->getBaseURL()); + $a->internalRedirect(); // NOTREACHED } // Otherwise it's probably an openid. try { - $a = get_app(); $openid = new LightOpenID($a->getHostName()); $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $_SESSION['remember'] = $remember; - $openid->returnUrl = self::getApp()->getBaseURL(true) . '/openid'; - goaway($openid->authUrl()); + $openid->returnUrl = $a->getBaseURL(true) . '/openid'; + System::externalRedirect($openid->authUrl()); } catch (Exception $e) { notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); } @@ -122,6 +124,8 @@ class Login extends BaseModule 'user_record' => null ]; + $a = self::getApp(); + /* * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record * Addons should never set 'authenticated' except to indicate success - as hooks may be chained @@ -144,7 +148,7 @@ class Login extends BaseModule } catch (Exception $e) { logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']); info('Login failed. Please check your credentials.' . EOL); - goaway('/'); + $a->internalRedirect(); } if (!$remember) { @@ -156,14 +160,14 @@ class Login extends BaseModule $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); Authentication::setAuthenticatedSessionForUser($record, true, true); - if (x($_SESSION, 'return_url')) { - $return_url = $_SESSION['return_url']; - unset($_SESSION['return_url']); + if (x($_SESSION, 'return_path')) { + $return_path = $_SESSION['return_path']; + unset($_SESSION['return_path']); } else { - $return_url = ''; + $return_path = ''; } - goaway($return_url); + $a->internalRedirect($return_path); } /** @@ -173,6 +177,8 @@ class Login extends BaseModule */ public static function sessionAuth() { + $a = self::getApp(); + // When the "Friendica" cookie is set, take the value to authenticate and renew the cookie. if (isset($_COOKIE["Friendica"])) { $data = json_decode($_COOKIE["Friendica"]); @@ -191,7 +197,7 @@ class Login extends BaseModule if ($data->hash != Authentication::getCookieHashForUser($user)) { logger("Hash for user " . $data->uid . " doesn't fit."); Authentication::deleteSession(); - goaway(self::getApp()->getBaseURL()); + $a->internalRedirect(); } // Renew the cookie @@ -228,7 +234,7 @@ class Login extends BaseModule logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); Authentication::deleteSession(); - goaway(self::getApp()->getBaseURL()); + $a->internalRedirect(); } $user = DBA::selectFirst('user', [], @@ -242,7 +248,7 @@ class Login extends BaseModule ); if (!DBA::isResult($user)) { Authentication::deleteSession(); - goaway(self::getApp()->getBaseURL()); + $a->internalRedirect(); } // Make sure to refresh the last login time for the user if the user @@ -263,7 +269,7 @@ class Login extends BaseModule /** * @brief Wrapper for adding a login box. * - * @param string $return_url The url relative to the base the user should be sent + * @param string $return_path The path relative to the base the user should be sent * back to after login completes * @param bool $register If $register == true provide a registration link. * This will most always depend on the value of config.register_policy. @@ -273,7 +279,7 @@ class Login extends BaseModule * * @hooks 'login_hook' string $o */ - public static function form($return_url = null, $register = false, $hiddens = []) + public static function form($return_path = null, $register = false, $hiddens = []) { $a = self::getApp(); $o = ''; @@ -287,8 +293,8 @@ class Login extends BaseModule $noid = Config::get('system', 'no_openid'); - if (is_null($return_url)) { - $return_url = $a->query_string; + if (is_null($return_path)) { + $return_path = $a->query_string; } if (local_user()) { @@ -302,7 +308,7 @@ class Login extends BaseModule ); $tpl = get_markup_template('login.tpl'); - $_SESSION['return_url'] = $return_url; + $_SESSION['return_path'] = $return_path; } $o .= replace_macros( diff --git a/src/Module/Logout.php b/src/Module/Logout.php index b12ba1028..f212a8940 100644 --- a/src/Module/Logout.php +++ b/src/Module/Logout.php @@ -8,6 +8,7 @@ use Friendica\BaseModule; use Friendica\Core\Addon; use Friendica\Core\Authentication; use Friendica\Core\L10n; +use Friendica\Core\System; require_once 'boot.php'; @@ -26,6 +27,6 @@ class Logout extends BaseModule Addon::callHooks("logging_out"); Authentication::deleteSession(); info(L10n::t('Logged out.') . EOL); - goaway(self::getApp()->getBaseURL()); + self::getApp()->internalRedirect(); } } diff --git a/src/Module/Magic.php b/src/Module/Magic.php index 768fe69eb..1d7cb715e 100644 --- a/src/Module/Magic.php +++ b/src/Module/Magic.php @@ -7,6 +7,7 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Database\DBA; use Friendica\Model\Contact; +use Friendica\Core\System; use Friendica\Util\HTTPSignature; use Friendica\Util\Network; @@ -41,9 +42,13 @@ class Magic extends BaseModule if (!$cid) { logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG); - goaway($dest); + // @TODO Finding a more elegant possibility to redirect to either internal or external URL + if (filter_var($dest, FILTER_VALIDATE_URL)) { + System::externalRedirect($dest); + } else { + $a->internalRedirect($dest); + } } - $contact = DBA::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]); // Redirect if the contact is already authenticated on this site. @@ -55,7 +60,7 @@ class Magic extends BaseModule } logger('Contact is already authenticated', LOGGER_DEBUG); - goaway($dest); + System::externalRedirect($dest); } if (local_user()) { @@ -99,10 +104,10 @@ class Magic extends BaseModule $x = strpbrk($dest, '?&'); $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token); - goaway($dest . $args); + System::externalRedirect($dest . $args); } } - goaway($dest); + System::externalRedirect($dest); } } @@ -111,6 +116,11 @@ class Magic extends BaseModule return $ret; } - goaway($dest); + // @TODO Finding a more elegant possibility to redirect to either internal or external URL + if (filter_var($dest, FILTER_VALIDATE_URL)) { + System::externalRedirect($dest); + } else { + $a->internalRedirect($dest); + } } } diff --git a/src/Module/Objects.php b/src/Module/Objects.php index ba9dace2e..d51d5785a 100644 --- a/src/Module/Objects.php +++ b/src/Module/Objects.php @@ -24,7 +24,7 @@ class Objects extends BaseModule } if (!ActivityPub::isRequest()) { - goaway(str_replace('objects/', 'display/', $a->query_string)); + $a->internalRedirect(str_replace('objects/', 'display/', $a->query_string)); } $item = Item::selectFirst(['id'], ['guid' => $a->argv[1], 'wall' => true, 'private' => false]); diff --git a/src/Module/Tos.php b/src/Module/Tos.php index e8a152b50..db8b55885 100644 --- a/src/Module/Tos.php +++ b/src/Module/Tos.php @@ -49,7 +49,7 @@ class Tos extends BaseModule public static function init() { if (strlen(Config::get('system','singleuser'))) { - goaway(System::baseUrl()."/profile/" . Config::get('system','singleuser')); + self::getApp()->internalRedirect('profile/' . Config::get('system','singleuser')); } } /** diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index 21a0f4394..e8cf4a631 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -3037,7 +3037,7 @@ class DFRN logger('auto_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); $dest = (($url) ? '&destination_url=' . $url : ''); - goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id + System::externalRedirect($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest); } diff --git a/tests/ApiTest.php b/tests/ApiTest.php index 4d6d6f082..c509c7d2a 100644 --- a/tests/ApiTest.php +++ b/tests/ApiTest.php @@ -3379,7 +3379,7 @@ class ApiTest extends DatabaseTest */ public function testApiFriendicaRemoteauthWithCorrectUrl() { - $this->markTestIncomplete("We can't use an assertion here because of goaway()."); + $this->markTestIncomplete("We can't use an assertion here because of App->redirect()."); $_GET['url'] = 'url'; $_GET['c_url'] = $this->selfUser['nurl']; api_friendica_remoteauth();