minor fixes

homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/admin.inc.php

@@ -3,6 +3,7 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
 set_include_path(get_include_path() . PATH_SEPARATOR . "./lib/");
 
 // configs and local data
+require_once 'config/participo.php';
 require_once './local/cwsvJudo.php';
 
 // libraries

homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/api/users.php

@@ -21,14 +21,12 @@ function init($config)
 
 function authorize()
 {
-    if (array_key_exists("HTTP_AUTHORIZATION", $_SERVER)) {
-        if (!empty($_SERVER["HTTP_AUTHORIZATION"])) {
+    if (array_key_exists("HTTP_AUTHORIZATION", $_SERVER) && (!empty($_SERVER["HTTP_AUTHORIZATION"])) ) {
             $auth = explode(" ", $_SERVER["HTTP_AUTHORIZATION"]);
             if ($auth[0] = "Basic") {
                 $allowKey = ApiKey::loadFromDb($auth[1]);
             }
         }
-    }
 
     if (!$allowKey || !$allowKey->isValidFor("api")) {
         die(

homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/api.php

@@ -3,10 +3,10 @@
 function processPostData($db, $post, $redirectLocation = '.')
 {
 	sleep(1);
-	if ($post['action']) {
-		// if there is a redirectlocation, set it
-		if ($post['redirectLocation']) {
-			$redirectLocation = $post['redirectLocation'];
+	if (array_key_exists("action", $post)) {
+		// if there is a redirectLocation, set it
+		if (array_key_exists("redirectLocation", $post)) {
+			$redirectLocation = filter_var($post['redirectLocation'], FILTER_SANITIZE_URL);
 		}
 
 		// change a users password

homepage/cwsvJudo/participo/cwsvjudo@bplaced/www/participo/lib/participoLib/participo.php

@@ -641,7 +641,7 @@ function logLoginsToJsonFile($userName, $fileName = 'lastLogins.json')
 function getCurPagesUrl()
 {
 	$pageURL = 'http';
-	if ($_SERVER['HTTPS'] == 'on') {
+	if ( array_key_exists("HTTPS", $_SERVER) && ($_SERVER['HTTPS'] == 'on')) {
 		$pageURL .= 's';
 	}
 	$pageURL .= '://';