Make parrameters configurable
This commit is contained in:
Phil
parent
405bb04c7c
commit
7779d71711
Binary file not shown.
|
|
@ -52,7 +52,6 @@ $target_open = $target_civicrm . '/civicrm/mailing/open';
|
||||||
#$target_url = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
|
#$target_url = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
|
||||||
#$target_open = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';
|
#$target_open = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';
|
||||||
|
|
||||||
|
|
||||||
/****************************************************************
|
/****************************************************************
|
||||||
** GENERAL OPTIONS **
|
** GENERAL OPTIONS **
|
||||||
****************************************************************/
|
****************************************************************/
|
||||||
|
|
@ -91,6 +90,23 @@ if (file_exists(dirname(__FILE__)."/secrets.php")) {
|
||||||
require "secrets.php";
|
require "secrets.php";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Parameter whitelisting for open tracking and URL tracking
|
||||||
|
// basic civicrm URL/open parameter are u, q and qid (as int)
|
||||||
|
// If additional parameters are needed, best practise would be to whitelist each one as needed in
|
||||||
|
// $valid_url_parameters and/or $valid_open_parameters.
|
||||||
|
// Alternatively it is also possible to allow all parameters with the wildcard parameter '*' => 'string'
|
||||||
|
$valid_url_parameters = [
|
||||||
|
'u' => 'int',
|
||||||
|
'q' => 'int',
|
||||||
|
'qid' => 'int',
|
||||||
|
// '*' => 'string' // whildcard, whitelist all url parameters
|
||||||
|
];
|
||||||
|
$valid_open_parameters = [
|
||||||
|
'u' => 'int',
|
||||||
|
'q' => 'int',
|
||||||
|
'qid' => 'int',
|
||||||
|
// '*' => 'string' // wildcard, whitelist *all* open parameters
|
||||||
|
];
|
||||||
|
|
||||||
/****************************************************************
|
/****************************************************************
|
||||||
** File Caching Options **
|
** File Caching Options **
|
||||||
|
|
|
||||||
|
|
@ -16,11 +16,5 @@ if (!$target_open) civiproxy_http_error("Feature disabled", 405);
|
||||||
// basic check
|
// basic check
|
||||||
civiproxy_security_check('open');
|
civiproxy_security_check('open');
|
||||||
|
|
||||||
// basic restraints
|
$parameters = civiproxy_get_parameters($valid_open_parameters);
|
||||||
$valid_parameters = [
|
|
||||||
'q' => 'int',
|
|
||||||
'qid' => 'int',
|
|
||||||
];
|
|
||||||
|
|
||||||
$parameters = civiproxy_get_parameters($valid_parameters);
|
|
||||||
civiproxy_redirect($target_open, $parameters);
|
civiproxy_redirect($target_open, $parameters);
|
||||||
|
|
|
||||||
|
|
@ -16,11 +16,5 @@ if (!$target_url) civiproxy_http_error("Feature disabled", 405);
|
||||||
// basic check
|
// basic check
|
||||||
civiproxy_security_check('url');
|
civiproxy_security_check('url');
|
||||||
|
|
||||||
// basic restraints
|
$parameters = civiproxy_get_parameters($valid_url_parameters);
|
||||||
$valid_parameters = array( 'u' => 'int',
|
|
||||||
'q' => 'int',
|
|
||||||
'qid' => 'int',
|
|
||||||
'*' => 'string');
|
|
||||||
|
|
||||||
$parameters = civiproxy_get_parameters($valid_parameters);
|
|
||||||
civiproxy_redirect($target_url, $parameters);
|
civiproxy_redirect($target_url, $parameters);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue