Merge pull request #10463 from annando/proxy-security

Proxy: Avoid access for not logged in users
This commit is contained in:
Hypolite Petovan 2021-07-04 10:12:36 -04:00 committed by GitHub
commit bedc8e1427
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -23,6 +23,7 @@ namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\DI;
use Friendica\Model\Photo;
use Friendica\Object\Image;
@ -45,7 +46,7 @@ class Proxy extends BaseModule
* Sets application instance and checks if /proxy/ path is writable.
*
*/
public static function init(array $parameters = [])
public static function rawContent(array $parameters = [])
{
// Set application instance here
$a = DI::app();
@ -89,6 +90,11 @@ class Proxy extends BaseModule
throw new \Friendica\Network\HTTPException\BadRequestException();
}
if (!local_user()) {
Logger::info('Redirecting not logged in user to original address', ['url' => $request['url']]);
System::externalRedirect($request['url']);
}
// Webserver already tried direct cache...
// Try to use filecache;