From 148c1c7e1a17b70ff9b75e5dd68ca63e1328843f Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Tue, 25 Jul 2023 23:13:01 +0200
Subject: [PATCH 1/2] Add new BaseUrl->isLocalUri and BaseUrl->isLocalUrl methods - Deprecate Util\Network->isLocalLink to reduce dependency on DI class
---
 src/App/BaseURL.php | 10 ++++++++++
 src/Util/Network.php | 3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/App/BaseURL.php b/src/App/BaseURL.php
index 4030306849..cc20343d1c 100644
--- a/src/App/BaseURL.php
+++ b/src/App/BaseURL.php
@@ -127,4 +127,14 @@ class BaseURL extends Uri implements UriInterface
 $redirectTo = $this->__toString() . '/' . ltrim($toUrl, '/');
 System::externalRedirect($redirectTo);
 }
+
+ public function isLocalUrl(string $url): bool
+ {
+ return strpos(Strings::normaliseLink($url), Strings::normaliseLink((string)$this)) === 0;
+ }
+
+ public function isLocalUri(UriInterface $uri): bool
+ {
+ return $this->isLocalUrl((string)$uri);
+ }
 }
diff --git a/src/Util/Network.php b/src/Util/Network.php
index f7ceab5433..495510189f 100644
--- a/src/Util/Network.php
+++ b/src/Util/Network.php
@@ -640,10 +640,11 @@ class Network
 * @param string $url
 *
 * @return bool
+ * @deprecated since 2023.09, please use BaseUrl->isLocalUrl or BaseUrl->isLocalUri instead.
 */
 public static function isLocalLink(string $url): bool
 {
- return (strpos(Strings::normaliseLink($url), Strings::normaliseLink(DI::baseUrl())) !== false);
+ return DI::baseUrl()->isLocalUrl($url);
 }
 
 /**
From 8c06f965314fd89f65ee0f1b3ac557588175456d Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Tue, 25 Jul 2023 23:14:15 +0200
Subject: [PATCH 2/2] Rework Module\ToggleMobile to check for local links - Remove dependency on DI class - Remove dependency on request/session superglobals - Remove dependency on App class
---
 src/Module/ToggleMobile.php | 41 +++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 15 deletions(-)
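Review bot: `isLocalUrl()` accepts any URL whose normalised form merely starts with the normalised base URL, with no check that the match ends on a host or path boundary. `Strings::normaliseLink()` is not part of this diff, but if it strips the trailing slash, a different host whose name begins with the base host would also pass, and both `Network::isLocalLink()` and the redirect in `Module\ToggleMobile` (second patch) rely on this result. Anchor the match, e.g. `$base = Strings::normaliseLink((string)$this); $link = Strings::normaliseLink($url);` followed by `return $link === $base || strpos($link, $base . '/') === 0;`, or compare the parsed scheme, host and port in `isLocalUri()`. Both new public methods also lack a docblock stating what counts as local.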
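Review bot: The docblock for `isLocalLink()` does not record that the check now means "starts with the base URL" rather than "contains the base URL anywhere", which changes results for existing callers of this deprecated wrapper. Add a line such as `* Since 2023.09 the URL must start with the base URL; a base URL appearing later in the string no longer matches.` so remaining callers can be audited against the stricter behaviour. The `@deprecated` tag also names `BaseUrl` while the class is `BaseURL`. The docblock begins outside the hunk.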
diff --git a/src/Module/ToggleMobile.php b/src/Module/ToggleMobile.php
index 2408ef7f3d..193f4566c7 100644
--- a/src/Module/ToggleMobile.php
+++ b/src/Module/ToggleMobile.php
@@ -21,32 +21,43 @@
 
 namespace Friendica\Module;
 
+use Friendica\App;
 use Friendica\BaseModule;
-use Friendica\DI;
+use Friendica\Core\L10n;
+use Friendica\Core\Session\Capability\IHandleSessions;
+use Friendica\Core\System;
+use Friendica\Network\HTTPException\BadRequestException;
+use Friendica\Util;
+use GuzzleHttp\Psr7\Uri;
+use Psr\Log\LoggerInterface;
 
 /**
 * Toggles the mobile view (on/off)
 */
 class ToggleMobile extends BaseModule
 {
- protected function content(array $request = []): string
+ /** @var IHandleSessions */
+ private $session;
+
+ public function __construct(IHandleSessions $session, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Util\Profiler $profiler, Response $response, array $server, array $parameters = [])
 {
- $a = DI::app();
+ parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
 
- if (isset($_GET['off'])) {
- $_SESSION['show-mobile'] = false;
- } else {
- $_SESSION['show-mobile'] = true;
+ $this->session = $session;
+ }
+
+ protected function rawContent(array $request = [])
+ {
+ $address = $request['address'] ?? '' ?: $this->baseUrl;
+
+ $uri = new Uri($address);
+
+ if (!$this->baseUrl->isLocalUri($uri)) {
+ throw new BadRequestException();
 }
 
- if (isset($_GET['address'])) {
- $address = $_GET['address'];
- } else {
- $address = '';
- }
+ $this->session->set('show-mobile', !isset($request['off']));
 
- $a->redirect($address);
-
- return '';
+ System::externalRedirect((string)$uri);
 }
 }
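Review bot: In `rawContent()`, `new Uri($address)` runs on the raw `address` request value before any validation, so a value the parser rejects, or a non-string value such as an array parameter, would likely surface as an uncaught exception instead of the `BadRequestException` used for non-local addresses (assuming Guzzle's `Uri` constructor throws `\InvalidArgumentException` on unparseable input). Reject non-string input and translate the parse failure into the same 400 response; the mixed `?? '' ?:` expression is also easier to read when split up. It is worth confirming whether relative addresses, which the old `$a->redirect($address)` path presumably accepted, must keep working, since they now fail the local check. The locality decision itself inherits the prefix-match behaviour of `BaseURL::isLocalUrl()` from the first patch.

```php
protected function rawContent(array $request = [])
{
	$address = $request['address'] ?? '';
	if (!is_string($address)) {
		throw new BadRequestException();
	}

	try {
		$uri = new Uri($address ?: (string)$this->baseUrl);
	} catch (\InvalidArgumentException $e) {
		throw new BadRequestException();
	}

	// … unchanged: isLocalUri() check, session update and redirect …
```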