From 2013f7a1c3ef61a66f5b158823d19c8e6ade8886 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sun, 27 Dec 2020 19:44:33 +0100
Subject: [PATCH] page: redirect location option in abort()

---
 error.inc.php        | 11 +++++++++--
 login/index.php      |  4 +---
 login/pass/index.php |  4 +---
 login/post/index.php |  4 +---
 page.php             |  8 ++------
 5 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/error.inc.php b/error.inc.php
index faa7190..a9669c4 100644
--- a/error.inc.php
+++ b/error.inc.php
@@ -1,9 +1,16 @@
 <?php
 # custom error handling for MinimEdit
 
-function abort($body, $status = NULL)
+function abort($body, string $status = NULL)
 {
-	if ($status) header("HTTP/1.1 $status");
+	if ($status) {
+		header("HTTP/1.1 $status");
+		if ($status[0] === '3') {
+			# redirection (body specifies target)
+			header("Location: $body");
+			exit;
+		}
+	}
 	print "$body\n";
 	exit;
 }
diff --git a/login/index.php b/login/index.php
index 0f428ca..8e36628 100644
--- a/login/index.php
+++ b/login/index.php
@@ -59,9 +59,7 @@ if (!$User or !$User->login) {
 
 if (isset($_REQUEST['goto'])) {
 	$target = ltrim($_REQUEST['goto'], '/');
-	header("Location: /$target");
-	http_response_code(302);
-	exit;
+	abort("/$target", 302);
 }
 
 if (isset($Page->raw)) {
diff --git a/login/pass/index.php b/login/pass/index.php
index cd65186..4fb50d0 100644
--- a/login/pass/index.php
+++ b/login/pass/index.php
@@ -14,10 +14,8 @@ if (isset($_GET['token'])) {
 	}
 }
 elseif (!$User->login) {
-	http_response_code(303);
 	$target = urlencode($_SERVER['REQUEST_URI']);
-	header("Location: /login?goto=$target");
-	exit;
+	abort("/login?goto=$target", 303);
 }
 
 if ($_POST) {
diff --git a/login/post/index.php b/login/post/index.php
index 442efef..23c4451 100644
--- a/login/post/index.php
+++ b/login/post/index.php
@@ -2,10 +2,8 @@
 if (!$User) return;
 
 if (!$User->login) {
-	http_response_code(303);
 	$target = urlencode($_SERVER['REQUEST_URI']);
-	header("Location: /login?goto=$target");
-	exit;
+	abort("/login?goto=$target", 303);
 }
 elseif ($User->admin('user') and $username = @$_REQUEST['login']) {
 	try {
diff --git a/page.php b/page.php
index 35a810a..a9607c0 100644
--- a/page.php
+++ b/page.php
@@ -16,9 +16,7 @@ $staticpage = "$request.html";
 if (file_exists($staticpage)) {
 	if (is_link($staticpage)) {
 		$target = preg_replace('/\.html$/', '', readlink($staticpage));
-		header("HTTP/1.1 302 Shorthand");
-		header("Location: $target");
-		exit;
+		abort($target, '302 Shorthand');
 	}
 }
 elseif (file_exists("$request/index.html")) {
@@ -35,10 +33,8 @@ include_once 'auth.inc.php'; // sets global $User
 if ($Page->restricted) {
 	# access restriction
 	if (!$User->login) {
-		http_response_code(303);
 		$target = urlencode($Page->link);
-		header("Location: /login?goto=$target");
-		exit;
+		abort("/login?goto=$target", '303 Eerst inloggen');
 	}
 }
 
-- 
2.30.0