Regression: restore l.php Referrer cloaking

a171c441 · Jared Hancock · a359bf6a · a171c441 · a171c441
Commit a171c441 authored 11 years ago by Jared Hancock
--- a/l.php
+++ b/l.php
@@ -23,6 +23,14 @@ if (!($url=trim($_GET['url'])))
 $check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
 if (!Validator::is_url($check) || !$ost->validateLinkToken($_GET['auth']))
    Http::response(403, 'URL link not authorized');
-else
+elseif (strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
    Http::redirect($url);
 ?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
+    <meta http-equiv="refresh" content="0;URL=<?php echo $url; ?>"/>
+</head>
+<body/>
+</html>
--- a/scp/l.php
+++ b/scp/l.php
@@ -23,6 +23,14 @@ if (!($url=trim($_GET['url'])))
 $check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
 if (!Validator::is_url($check) || !$ost->validateLinkToken($_GET['auth']))
    Http::response(403, 'URL link not authorized');
-else
+elseif (strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
    Http::redirect($url);
 ?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
+    <meta http-equiv="refresh" content="0;URL=<?php echo $url; ?>"/>
+</head>
+<body/>
+</html>