adding defaults in mod/redir.php

include/api.php

@@ -4810,7 +4810,7 @@ function api_friendica_remoteauth()
 	logger($contact['name'] . ' ' . $sec, LOGGER_DEBUG);
 	$dest = ($url ? '&destination_url=' . $url : '');
 
-	System::externalRedirect((
+	System::externalRedirect(
 		$contact['poll'] . '?dfrn_id=' . $dfrn_id
 		. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
 		. '&type=profile&sec=' . $sec . $dest

mod/redir.php

@@ -36,7 +36,7 @@ function redir_init(App $a) {
 			|| (!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate.
 			|| (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated.
 		{
-			System::externalRedirect($url != '' ? $url : $contact_url);
+			System::externalRedirect(defaults($url, $contact_url));
 		}
 
 		if ($contact['uid'] == 0 && local_user()) {
@@ -50,7 +50,7 @@ function redir_init(App $a) {
 
 			if (!empty($a->contact['id']) && $a->contact['id'] == $cid) {
 				// Local user is already authenticated.
-				$target_url = $url != '' ? $url : $contact_url;
+				$target_url = defaults($url, $contact_url);
 				logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG);
 				System::externalRedirect($target_url);
 			}
@@ -71,7 +71,7 @@ function redir_init(App $a) {
 				foreach ($_SESSION['remote'] as $v) {
 					if ($v['uid'] == $_SESSION['visitor_visiting'] && $v['cid'] == $_SESSION['visitor_id']) {
 						// Remote user is already authenticated.
-						$target_url = $url != '' ? $url : $contact_url;
+						$target_url = defaults($url, $contact_url);
 						logger($contact['name'] . " is already authenticated. Redirecting to " . $target_url, LOGGER_DEBUG);
 						System::externalRedirect($target_url);
 					}
@@ -106,7 +106,7 @@ function redir_init(App $a) {
 				. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest . $quiet);
 		}
 
-		$url = $url != '' ? $url : $contact_url;
+		$url = defaults($url, $contact_url);
 	}
 
 	// If we don't have a connected contact, redirect with
@@ -121,7 +121,7 @@ function redir_init(App $a) {
 		}
 
 		logger('redirecting to ' . $url, LOGGER_DEBUG);
-		$a->internalRedirect($url);
+		System::externalRedirect($url);
 	}
 
 	notice(L10n::t('Contact not found.'));

src/Module/Magic.php

@@ -7,6 +7,7 @@ namespace Friendica\Module;
 use Friendica\BaseModule;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
+use Friendica\Core\System;
 use Friendica\Util\HTTPSignature;
 use Friendica\Util\Network;
 
@@ -41,9 +42,13 @@ class Magic extends BaseModule
 
 		if (!$cid) {
 			logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG);
-			$a->internalRedirect($dest);
+			// @TODO Finding a more elegant possibility to redirect to either internal or external URL
+			if (filter_var($dest, FILTER_VALIDATE_URL)) {
+				System::externalRedirect($dest);
+			} else {
+				$a->internalRedirect($dest);
+			}
 		}
-
 		$contact = DBA::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]);
 
 		// Redirect if the contact is already authenticated on this site.
@@ -55,7 +60,7 @@ class Magic extends BaseModule
 			}
 
 			logger('Contact is already authenticated', LOGGER_DEBUG);
-			$a->internalRedirect($dest);
+			System::externalRedirect($dest);
 		}
 
 		if (local_user()) {
@@ -99,10 +104,10 @@ class Magic extends BaseModule
 						$x = strpbrk($dest, '?&');
 						$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token);
 
-						$a->internalRedirect($dest . $args);
+						System::externalRedirect($dest . $args);
 					}
 				}
-				$a->internalRedirect($dest);
+				System::externalRedirect($dest);
 			}
 		}
 
@@ -111,6 +116,11 @@ class Magic extends BaseModule
 			return $ret;
 		}
 
-		$a->internalRedirect($dest);
+		// @TODO Finding a more elegant possibility to redirect to either internal or external URL
+		if (filter_var($dest, FILTER_VALIDATE_URL)) {
+			System::externalRedirect($dest);
+		} else {
+			$a->internalRedirect($dest);
+		}
 	}
 }