From 329b54d00f117efd769311243d67b1e5942c4e30 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Mon, 3 Mar 2025 21:42:54 +0100
Subject: [PATCH] encrypt referer to prevent malicious manipulation
---
 op/op.SetLanguage.php | 3 +--
 views/bootstrap/class.Bootstrap.php | 2 +-
 views/bootstrap4/class.Bootstrap4.php | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/op/op.SetLanguage.php b/op/op.SetLanguage.php
index 9cb0b2d02..f9a2da8b8 100644
--- a/op/op.SetLanguage.php
+++ b/op/op.SetLanguage.php
@@ -31,5 +31,4 @@ include("../inc/inc.Authentication.php");
 $session->setLanguage($_GET['lang']);
-header("Location: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$_GET['referer']);
-?>
+header("Location: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].decryptData($settings->_encryptionKey, $_GET['referer']));
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 017e213a1..a9bdcc62f 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -390,7 +390,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 echo "
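Review bot: The decrypted value on the new header() line is concatenated into the Location header without checking that decryption succeeded, and `$_GET['referer']` is read without an isset() guard, so a missing or tampered parameter produces a notice and a redirect built from whatever decryptData() returns on failure (presumably false or an empty string; its contract is not visible in this commit). Because the ciphertext is minted by the server from REQUEST_URI, a correctly decrypted value is always a site-relative path, and that property can be enforced before redirecting: `$referer = isset($_GET['referer']) ? decryptData($settings->_encryptionKey, $_GET['referer']) : false;` followed by `if(!is_string($referer) || $referer === '' || $referer[0] !== '/' || substr($referer, 0, 2) === '//') $referer = $settings->_httpRoot;` and then `$referer` in place of the decryptData() call in the header() line. Whether encryptData()/decryptData() authenticate the ciphertext (an AEAD mode or an HMAC over it) cannot be seen here; if the mode is unauthenticated, the path check above is the remaining guard against a modified referer, so it is worth keeping even if the helpers are later hardened.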
  • ";
 else
 echo "
  • ";
- echo "params['settings']->_httpRoot."op/op.SetLanguage.php?lang=".$currLang."&referer=".$_SERVER["REQUEST_URI"]."\">";
+ echo "params['settings']->_httpRoot."op/op.SetLanguage.php?lang=".$currLang."&referer=".urlencode(encryptData($this->params['settings']->_encryptionKey, $_SERVER["REQUEST_URI"]))."\">";
 echo getMLText($currLang)."
  • \n";
 }
 echo " \n";
diff --git a/views/bootstrap4/class.Bootstrap4.php b/views/bootstrap4/class.Bootstrap4.php
index 9e7c2fa64..843f11277 100644
--- a/views/bootstrap4/class.Bootstrap4.php
+++ b/views/bootstrap4/class.Bootstrap4.php
@@ -460,7 +460,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 echo " params['settings']->_httpRoot."op/op.SetLanguage.php?lang=".$currLang."&referer=".$_SERVER["REQUEST_URI"]."\">";
+ echo " href=\"".$this->params['settings']->_httpRoot."op/op.SetLanguage.php?lang=".$currLang."&referer=".urlencode(encryptData($this->params['settings']->_encryptionKey, $_SERVER["REQUEST_URI"]))."\">";
 echo getMLText($currLang)."\n";
 }
 echo " \n";
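Review bot: The encrypted referer on the new echo line is recomputed for every language in the loop, although both inputs (`$this->params['settings']->_encryptionKey` and `$_SERVER["REQUEST_URI"]`) do not change between iterations; if encryptData() draws a fresh IV per call, as such helpers usually do, that is one cipher call plus random bytes per listed language for no benefit. Hoist it above the loop, e.g. `$referer = urlencode(encryptData($this->params['settings']->_encryptionKey, $_SERVER["REQUEST_URI"]));`, and use `"&referer=".$referer` inside; the loop header lies above this hunk. The identical expression is duplicated verbatim in views/bootstrap4/class.Bootstrap4.php (the @@ -460 hunk), so a small shared helper that builds the op.SetLanguage.php URL would keep the two views' encoding in step with what op.SetLanguage.php decrypts. The attribute value is still assembled with a bare `&` between query parameters, which in an HTML attribute should be `&amp;`; that predates this change but the line is being rewritten anyway.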