if (in_array($rel, [Contact::SHARING, Contact::FRIEND])) {
$unfollow_link = 'contact/unfollow?url=' . urlencode($contact_url) . '&auto=1';
} elseif (!$pending) {
- $follow_link = 'contact/follow?url=' . urlencode($contact_url) . '&auto=1';
+ $follow_link = 'contact/follow?binurl=' . bin2hex($contact_url) . '&auto=1';
}
}
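Review bot: The follow-link encoding `'contact/follow?binurl=' . bin2hex(...)` is written out inline here and repeated in the other link-building hunks (`$contact['url']`, `$profile_url`, the `$contact_actions['follow']` entry) and in the redirect and `$returnPath` lines of the follow module, while the only decoder is `getUrl()`. One helper that builds the follow path would keep encoder and decoder in step, for example `$follow_link = self::followPath($contact_url) . '&auto=1';` (the helper name is illustrative). The unfollow link beside it still uses `url=` with `urlencode()`, so the two actions now carry the same URL in different encodings. A short comment such as `// follow uses hex-encoded binurl, decoded in getUrl(); unfollow still takes url=` would record that. The enclosing function starts and ends outside this hunk.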
if ($contact['uid'] && in_array($contact['rel'], [self::SHARING, self::FRIEND])) {
$unfollow_link = 'contact/unfollow?url=' . urlencode($contact['url']) . '&auto=1';
} elseif (!$contact['pending']) {
- $follow_link = 'contact/follow?url=' . urlencode($contact['url']) . '&auto=1';
+ $follow_link = 'contact/follow?binurl=' . bin2hex($contact['url']) . '&auto=1';
}
}
if ($visitor_is_following) {
$unfollow_link = $visitor_base_path . '/contact/unfollow?url=' . urlencode($profile_url) . '&auto=1';
} else {
- $follow_link = $visitor_base_path . '/contact/follow?url=' . urlencode($profile_url) . '&auto=1';
+ $follow_link = $visitor_base_path . '/contact/follow?binurl=' . bin2hex($profile_url) . '&auto=1';
}
}
throw new ForbiddenException($this->t('Access denied.'));
}
- if (isset($request['cancel']) || empty($request['url'])) {
- $this->baseUrl->redirect('contact');
+ if (!empty($request['follow-url'])) {
+ $this->baseUrl->redirect('contact/follow?binurl=' . bin2hex($request['follow-url']));
}
- $url = Probe::cleanURI($request['url']);
+ $url = $this->getUrl($request);
+
+ if (isset($request['cancel']) || empty($url)) {
+ $this->baseUrl->redirect('contact');
+ }
$this->process($url);
}
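Review bot: `bin2hex($request['follow-url'])` runs on whatever the form field decodes to, and `!empty()` does not guarantee a string. A request sending `follow-url[]=x` yields an array, and `bin2hex()` raises a TypeError on PHP 8. Guard the branch with `if (is_string($request['follow-url'] ?? null) && trim($request['follow-url']) !== '') {` and encode the trimmed value. The `cancel` check now runs after this redirect, so a request carrying both `cancel` and `follow-url` no longer returns to `contact`; if that is intended, a comment should say so. The method body starts outside this hunk.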
$uid = $this->session->getLocalUserId();
// uri is used by the /authorize_interaction Mastodon route
- $url = Probe::cleanURI(trim($request['uri'] ?? $request['url'] ?? ''));
+ $url = $this->getUrl($request);
// Issue 6874: Allow remote following from Peertube
if (strpos($url, 'acct:') === 0) {
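Review bot: `getUrl($request)` reads only `binurl` and `url`, so the `uri` parameter, which the retained comment says the /authorize_interaction Mastodon route uses, is no longer consulted. The `trim()` from the removed line is gone as well. Unless that route is adapted elsewhere, a request carrying only `uri` now produces an empty URL. The fallback branch in `getUrl()` could keep the old behaviour with `$url = trim($request['uri'] ?? $request['url'] ?? '');`. The surrounding method starts and continues outside this hunk.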
protected function process(string $url)
{
- $returnPath = 'contact/follow?url=' . urlencode($url);
+ $returnPath = 'contact/follow?binurl=' . bin2hex($url);
$result = Contact::createFromProbeForUser($this->session->getLocalUserId(), $url);
return;
}
}
+
+ private function getUrl(array $request): string
+ {
+ if (!empty($request['binurl']) && Strings::isHex($request['binurl'])) {
+ $url = hex2bin($request['binurl']);
+ } else {
+ $url = $request['url'] ?? '';
+ }
+ return Probe::cleanURI($url);
+ }
}
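Review bot: `hex2bin()` returns `false` and emits a warning for an odd-length or otherwise invalid string, and `getUrl()` passes that result to `Probe::cleanURI()` unchecked even though it is declared to return `string`. Whether `Strings::isHex()` rules this out is not visible here, so check the decode result explicitly: `$url = hex2bin($request['binurl']); if ($url === false) { $url = ''; }`. A `binurl` that is present but invalid currently falls through silently to `url`; it would be clearer to refuse the request than to switch to another parameter. The decoded value is request-controlled and is handed to `process()`, so it needs the same validation as the plain `url` path, and a docblock on `getUrl()` should state that.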
} else {
$contact_actions['follow'] = [
'label' => $this->t('Follow'),
- 'url' => 'contact/follow?url=' . urlencode($contact['url']) . '&auto=1',
+ 'url' => 'contact/follow?binurl=' . bin2hex($contact['url']) . '&auto=1',
'title' => '',
'sel' => '',
'id' => 'follow',
<div id="follow-sidebar" class="widget">
<h3>{{$connect}}</h3>
<div id="connect-desc">{{$desc nofilter}}</div>
- <form action="contact/follow" method="get">
- <input id="side-follow-url" type="text" name="url" value="{{$value}}" size="24" placeholder="{{$hint}}" title="{{$hint}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow}}" />
+ <form action="contact/follow" method="post">
+ <input id="side-follow-url" type="text" name="follow-url" value="{{$value}}" size="24" placeholder="{{$hint}}" title="{{$hint}}" /><input id="side-follow-submit" type="submit" name="submit" value="{{$follow}}" />
</form>
</div>
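Review bot: The form now submits by POST but has no hidden anti-CSRF token field, here or in the second template that receives the same change. In the `post()` hunk no token check is visible before `$this->process($url)`, though that method starts outside the hunk. If there is none, a cross-site POST carrying a `url` or `binurl` field may be able to trigger a follow for a logged-in user. If the project has a form security token mechanism, emit the token as a hidden input in both templates and verify it in `post()` before processing.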
<div id="follow-sidebar" class="widget">
<h3>{{$connect}}</h3>
- <form action="contact/follow" method="get">
+ <form action="contact/follow" method="post">
{{* The input field - For visual consistence we are using a search input field*}}
<div class="form-group form-group-search">
- <input id="side-follow-url" class="search-input form-control form-search" type="text" name="url" value="{{$value}}" placeholder="{{$hint}}" data-toggle="tooltip" title="{{$hint}}" />
+ <input id="side-follow-url" class="search-input form-control form-search" type="text" name="follow-url" value="{{$value}}" placeholder="{{$hint}}" data-toggle="tooltip" title="{{$hint}}" />
<button id="side-follow-submit" class="btn btn-default btn-sm form-button-search" type="submit">{{$follow}}</button>
</div>
</form>