From a171c44170a859b100b82e2a8edd34181abcb8a8 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Thu, 14 Nov 2013 15:40:46 -0600
Subject: [PATCH] Regression: restore l.php Referrer cloaking

---
 l.php     | 10 +++++++++-
 scp/l.php | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/l.php b/l.php
index 150048429..b6a47ff84 100644
--- a/l.php
+++ b/l.php
@@ -23,6 +23,14 @@ if (!($url=trim($_GET['url'])))
 $check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
 if (!Validator::is_url($check) || !$ost->validateLinkToken($_GET['auth']))
     Http::response(403, 'URL link not authorized');
-else
+elseif (strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
     Http::redirect($url);
 ?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
+    <meta http-equiv="refresh" content="0;URL=<?php echo $url; ?>"/>
+</head>
+<body/>
+</html>
diff --git a/scp/l.php b/scp/l.php
index 8e0dd28b7..f05349be0 100644
--- a/scp/l.php
+++ b/scp/l.php
@@ -23,6 +23,14 @@ if (!($url=trim($_GET['url'])))
 $check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
 if (!Validator::is_url($check) || !$ost->validateLinkToken($_GET['auth']))
     Http::response(403, 'URL link not authorized');
-else
+elseif (strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
     Http::redirect($url);
 ?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
+    <meta http-equiv="refresh" content="0;URL=<?php echo $url; ?>"/>
+</head>
+<body/>
+</html>
-- 
GitLab