From 63a832830c961a42cf02d1a683d937404de1fa18 Mon Sep 17 00:00:00 2001
From: marko
Date: Tue, 6 Aug 2024 22:05:19 +0200
Subject: [PATCH] minor fixes
---
 .../cwsvjudo@bplaced/www/participo/admin.inc.php | 1 +
 .../cwsvjudo@bplaced/www/participo/api/users.php | 4 +---
 .../participo/cwsvjudo@bplaced/www/participo/lib/api.php | 8 ++++----
 .../www/participo/lib/participoLib/participo.php | 2 +-
 4 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/admin.inc.php b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/admin.inc.php
index 20fb1b2..8cc2610 100644
--- a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/admin.inc.php
+++ b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/admin.inc.php
@@ -3,6 +3,7 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
 set_include_path(get_include_path() . PATH_SEPARATOR . "./lib/");
 // configs and local data
+require_once 'config/participo.php';
 require_once './local/cwsvJudo.php';
 // libraries
diff --git a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/api/users.php b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/api/users.php
index 93820b4..2b7f3bb 100644
--- a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/api/users.php
+++ b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/api/users.php
@@ -21,14 +21,12 @@ function init($config)
 function authorize() {
- if (array_key_exists("HTTP_AUTHORIZATION", $_SERVER)) {
- if (!empty($_SERVER["HTTP_AUTHORIZATION"])) {
+ if (array_key_exists("HTTP_AUTHORIZATION", $_SERVER) && (!empty($_SERVER["HTTP_AUTHORIZATION"])) ) {
 $auth = explode(" ", $_SERVER["HTTP_AUTHORIZATION"]);
 if ($auth[0] = "Basic") {
 $allowKey = ApiKey::loadFromDb($auth[1]);
 }
 }
- }
 if (!$allowKey || !$allowKey->isValidFor("api")) {
 die(
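Review bot: The scheme check `if ($auth[0] = "Basic")` in authorize() (api/users.php) is an assignment, so it is always true and a header with any scheme reaches `ApiKey::loadFromDb($auth[1])`; the merged condition this commit adds leaves that line as it was. `$auth[1]` is also read without checking that the header contained a second token, and `$allowKey` is never assigned when the header is missing or empty, so the later `!$allowKey` test runs on an undefined variable. I would initialise `$allowKey = null;` at the top of the function and change the check to `if (count($auth) === 2 && $auth[0] === "Basic") {`. The function body continues past the end of the hunk (the `die(` call is cut off), so the rejection path itself is not visible here.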
diff --git a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/api.php b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/api.php
index 700f3b8..12365ea 100644
--- a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/api.php
+++ b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/api.php
@@ -3,10 +3,10 @@ function processPostData($db, $post, $redirectLocation = '.') {
 sleep(1);
- if ($post['action']) {
- // if there is a redirectlocation, set it
- if ($post['redirectLocation']) {
- $redirectLocation = $post['redirectLocation'];
+ if (array_key_exists("action", $post)) {
+ // if there is a redirectLocation, set it
+ if (array_key_exists("redirectLocation", $post)) {
+ $redirectLocation = filter_var($post['redirectLocation'], FILTER_SANITIZE_URL);
 }
 // change a users password
diff --git a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/participoLib/participo.php b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/participoLib/participo.php
index e0e3861..908077f 100644
--- a/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/participoLib/participo.php
+++ b/homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/participoLib/participo.php
@@ -641,7 +641,7 @@ function logLoginsToJsonFile($userName, $fileName = 'lastLogins.json')
 function getCurPagesUrl() {
 $pageURL = 'http';
- if ($_SERVER['HTTPS'] == 'on') {
+ if ( array_key_exists("HTTPS", $_SERVER) && ($_SERVER['HTTPS'] == 'on')) {
 $pageURL .= 's';
 }
 $pageURL .= '://';
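Review bot: In lib/api.php, `FILTER_SANITIZE_URL` on `$post['redirectLocation']` only strips characters that cannot appear in a URL; it does not restrict where the URL points, so an absolute or scheme-relative target taken from the POST body is still accepted. If `$redirectLocation` later feeds a `Location` header (not visible in this hunk), that remains an open redirect. The switch to `array_key_exists` also means an empty `redirectLocation` now replaces the `'.'` default, and `filter_var` returns `false` for non-scalar input. I would keep the default unless the sanitised value is a non-empty relative target, as sketched below; processPostData continues beyond the hunk.

```php
// … unchanged: sleep(1) and the array_key_exists("action", $post) check …
        if (array_key_exists("redirectLocation", $post)) {
            $target = filter_var($post['redirectLocation'], FILTER_SANITIZE_URL);
            // keep the default unless the target is a non-empty, same-site relative path
            $isRelative = is_string($target) && $target !== ''
                && strpos($target, '\\') === false
                && parse_url($target, PHP_URL_SCHEME) === null
                && parse_url($target, PHP_URL_HOST) === null;
            if ($isRelative) {
                $redirectLocation = $target;
            }
        }
// … unchanged: password-change handling …
```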
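Review bot: The new condition in getCurPagesUrl() (participoLib/participo.php) still compares `$_SERVER['HTTPS']` loosely against `'on'`, so a server that sets the variable to another non-empty value such as `1` is treated as plain HTTP and the generated URL gets the wrong scheme. The PHP manual only promises a non-empty value for HTTPS requests (and `off` on some IIS setups), so `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {` covers those cases and makes the separate `array_key_exists` call unnecessary. Behind a TLS-terminating proxy the variable may not be set at all; whether that applies to this deployment cannot be told from the hunk, and the function body continues past its last line.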