Merge pull request #6225 from annando/http-error

[friendica.git] / mod / bookmarklet.php

diff --git a/mod/bookmarklet.php b/mod/bookmarklet.php
index 88097eb91006ba072942641683c4426420ac4586..d9c2f52f821d0a449c7a24b116fd0f36358ae4dd 100644 (file)
--- a/mod/bookmarklet.php
+++ b/mod/bookmarklet.php
@@ -9,6 +9,7 @@ use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\System;
 use Friendica\Module\Login;
+use Friendica\Util\Strings;
 
 require_once 'include/conversation.php';
 require_once 'include/items.php';
@@ -22,14 +23,18 @@ function bookmarklet_content(App $a)
 {
        if (!local_user()) {
                $o = '<h2>' . L10n::t('Login') . '</h2>';
-               $o .= Login::form($a->query_string, Config::get('config', 'register_policy') === REGISTER_CLOSED ? false : true);
+               $o .= Login::form($a->query_string, intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED ? false : true);
                return $o;
        }
 
-       $referer = normalise_link($_SERVER["HTTP_REFERER"]);
-       $page = normalise_link(System::baseUrl() . "/bookmarklet");
+       $referer = Strings::normaliseLink(defaults($_SERVER, 'HTTP_REFERER', ''));
+       $page = Strings::normaliseLink(System::baseUrl() . "/bookmarklet");
 
        if (!strstr($referer, $page)) {
+               if (empty($_REQUEST["url"])) {
+                       System::httpExit(400, ["title" => L10n::t('Bad Request')]);
+               }
+
                $content = add_page_info($_REQUEST["url"]);
 
                $x = [
@@ -43,7 +48,7 @@ function bookmarklet_content(App $a)
                        'bang' => '',
                        'visitor' => 'block',
                        'profile_uid' => local_user(),
-                       'title' => trim($_REQUEST["title"], "*"),
+                       'title' => trim(defaults($_REQUEST, 'title', ''), "*"),
                        'content' => $content
                ];
                $o = status_editor($a, $x, 0, false);