function follow_post(App $a)
{
if (!local_user()) {
- System::httpExit(403, ['title' => L10n::t('Access denied.')]);
+ throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
}
if (isset($_REQUEST['cancel'])) {
}
$uid = local_user();
- $url = Strings::escapeTags(trim(defaults($_REQUEST, 'url', '')));
+
+ // Issue 4815: Silently removing a prefixing @
+ $url = ltrim(Strings::escapeTags(trim(defaults($_REQUEST, 'url', ''))), '@!');
// Issue 6874: Allow remote following from Peertube
if (strpos($url, 'acct:') === 0) {