Added a method to strip crowdhandler parameters and redirect on promotion

carl-wells-crowdhandler · carl-wells-crowdhandler · commit 543fd8d77be3 · 2022-11-08T09:36:10.000Z
diff --git a/src/GateKeeper.php b/src/GateKeeper.php
@@ -9,6 +9,15 @@ class GateKeeper
     const TOKEN_COOKIE = 'ch-id';
     const TOKEN_URL = 'ch-id';
 
+    const CROWDHANDLER_PARAMS = array(
+        'ch-id',
+        'ch-fresh',
+        'ch-id-signature',
+        'ch-public-key',
+        'ch-requested',
+        'ch-code'
+    );
+
     private $ignore = "/^((?!.*\?).*(\.(avi|css|eot|gif|ico|jpg|jpeg|js|json|mov|mp4|mpeg|mpg|og[g|v]|pdf|png|svg|ttf|txt|wmv|woff|woff2|xml))$)/";
     private $client;
     private $failTrust = true;
@@ -45,15 +54,55 @@ public function __construct(Client $client, \Psr\Http\Message\ServerRequestInter
         } elseif (isset($cookies[self::TOKEN_COOKIE])) {
             $this->token = $cookies[self::TOKEN_COOKIE];
         }
-    //  now we've extracted the token we sanitize the url
-        $this->url = 'https://' . parse_url($this->url, PHP_URL_HOST) . parse_url($this->url, PHP_URL_PATH);
-        unset($get[self::TOKEN_URL]);
-        if(count($get)) $this->url .= '?' . http_build_query($get);
+
+        //  now we've extracted the token we sanitize the url
+        $this->url = $this->sanitizeURL($this->url, $get);
+        
         $this->detectClientIp($server);
         if (isset($server['HTTP_USER_AGENT'])) $this->agent = $server['HTTP_USER_AGENT'];
         if (isset($server['HTTP_ACCEPT_LANGUAGE'])) $this->lang = $server['HTTP_ACCEPT_LANGUAGE'];        
     }
 
+    /**
+     * Removes crowdhandler specific query parameters on promotion
+     * @param string $url The url that is currently being requested
+     * @param array $get An array of the current query sring parameters   
+     */
+    private function sanitizeURL ($url, $get)
+    {
+
+        $isPromoted = false;
+        
+        $parsed_url  = parse_url($url);
+        $this->url = 'https://' . $parsed_url['host'] . $parsed_url['path'];
+
+        $ch_params_to_remove = array();
+        for ($i=0; $i < Count(self::CROWDHANDLER_PARAMS); $i++) {
+            if (isset($get[self::CROWDHANDLER_PARAMS[$i]]))
+            {
+                $isPromoted = true;
+                array_push($ch_params_to_remove, $get[self::CROWDHANDLER_PARAMS[$i]]);
+            }
+        }
+
+        $remaining_query_parameters = array_diff($get, $ch_params_to_remove);
+        
+        if (Count($remaining_query_parameters) > 0) {
+            $this->url = $this->url .= '?' . http_build_query($remaining_query_parameters);
+        }
+
+        if($isPromoted) {
+            // and redirect
+            header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+            header('location: '.$this->url, true, self::HTTP_REDIRECT_CODE);
+            exit;
+        } else {
+            return $this->url;
+        }
+
+       
+    }
+
     private function detectClientIp($server)
     {
         if (array_key_exists('HTTP_X_FORWARDED_FOR', $server)) {
