more referer dedupe

2020-03-27 20:24:26 +00:00 · 2020-03-27 20:24:26 +00:00 · 02675609b4
commit 02675609b4
parent 85662575c5
3 changed files with 13 additions and 16 deletions
--- a/core/urls.php
+++ b/core/urls.php
@ -117,7 +117,13 @@ function make_http(string $link): string
    return $link;
 }

-function referer_or(string $dest): string
+function referer_or(string $dest, ?array $blacklist=null): string
 {
-    return $_SERVER['HTTP_REFERER'] ?? $dest;
+    if(empty($_SERVER['HTTP_REFERER'])) return $dest;
+    if($blacklist) {
+        foreach($blacklist as $b) {
+            if(strstr($_SERVER['HTTP_REFERER'], $b)) return $dest;
+        }
+    }
+    return $_SERVER['HTTP_REFERER'];
 }
--- a/ext/image/main.php
+++ b/ext/image/main.php
@ -53,11 +53,7 @@ class ImageIO extends Extension
                if ($image) {
                    send_event(new ImageDeletionEvent($image));
                    $page->set_mode(PageMode::REDIRECT);
-                    if (isset($_SERVER['HTTP_REFERER']) && !strstr($_SERVER['HTTP_REFERER'], 'post/view')) {
-                        $page->set_redirect($_SERVER['HTTP_REFERER']);
-                    } else {
-                        $page->set_redirect(make_link("post/list"));
-                    }
+                    $page->set_redirect(referer_or(make_link("post/list"), ['post/view']));
                }
            }
        } elseif ($event->page_matches("image/replace")) {
--- a/ext/user/main.php
+++ b/ext/user/main.php
@ -391,10 +391,8 @@ class UserPage extends Extension
            $page->set_mode(PageMode::REDIRECT);

            // Try returning to previous page
-            if ($config->get_int("user_loginshowprofile", 0) == 0 &&
-                            isset($_SERVER['HTTP_REFERER']) &&
-                            strstr($_SERVER['HTTP_REFERER'], "post/")) {
-                $page->set_redirect($_SERVER['HTTP_REFERER']);
+            if ($config->get_int("user_loginshowprofile", 0)) {
+                $page->set_redirect(referer_or(make_link(), ["user/"]));
            } else {
                $page->set_redirect(make_link("user"));
            }
@ -416,11 +414,8 @@ class UserPage extends Extension
        $page->set_mode(PageMode::REDIRECT);

        // Try forwarding to same page on logout unless user comes from registration page
-        if ($config->get_int("user_loginshowprofile", 0) == 0 &&
-            isset($_SERVER['HTTP_REFERER']) &&
-            strstr($_SERVER['HTTP_REFERER'], "post/")
-        ) {
-            $page->set_redirect($_SERVER['HTTP_REFERER']);
+        if ($config->get_int("user_loginshowprofile", 0)) {
+            $page->set_redirect(referer_or(make_link(), ["post/"]));
        } else {
            $page->set_redirect(make_link());
        }