From 4caceec51255df676334f3f04607af286ba319f9 Mon Sep 17 00:00:00 2001
From: Cyperghost
Date: Wed, 8 May 2024 11:19:04 +0200
Subject: [PATCH] Remove middleware to redirect to frontend. Redirect in `MediaPage`
---
 .../files/lib/acp/page/MediaPage.class.php | 29 +++++++++++-
 .../EnforceAcpAuthentication.class.php | 2 +
 .../RedirectMediaToFrontend.class.php | 47 -------------------
 .../system/request/RequestHandler.class.php | 2 -
 4 files changed, 29 insertions(+), 51 deletions(-)
 delete mode 100644 wcfsetup/install/files/lib/http/middleware/RedirectMediaToFrontend.class.php
diff --git a/wcfsetup/install/files/lib/acp/page/MediaPage.class.php b/wcfsetup/install/files/lib/acp/page/MediaPage.class.php
index 66e9aee90d..76fbe4dfd1 100644
--- a/wcfsetup/install/files/lib/acp/page/MediaPage.class.php
+++ b/wcfsetup/install/files/lib/acp/page/MediaPage.class.php
@@ -2,14 +2,39 @@
 namespace wcf\acp\page;
+use Laminas\Diactoros\Response\RedirectResponse;
+use wcf\page\AbstractPage;
+use wcf\system\request\LinkHandler;
+
 /**
- * Shows a media file in the ACP.
+ * Redirect all media requests to the frontend.
 *
 * @author Matthias Schmidt
 * @copyright 2001-2019 WoltLab GmbH
 * @license GNU Lesser General Public License
 * @since 3.0
 */
-class MediaPage extends \wcf\page\MediaPage
+class MediaPage extends AbstractPage
 {
+ #[\Override]
+ public function readParameters()
+ {
+ parent::readParameters();
+ $args = [
+ 'forceFrontend' => true,
+ ];
+ // Sending the original request parameters to the frontend.
+ // We do not check or change the request parameters to leak the data from a generated media object
+ if (isset($_REQUEST['id'])) {
+ $args['id'] = $_REQUEST['id'];
+ }
+ if (isset($_REQUEST['title'])) {
+ $args['title'] = $_REQUEST['title'];
+ }
+ if (isset($_REQUEST['thumbnail'])) {
+ $args['thumbnail'] = $_REQUEST['thumbnail'];
+ }
+
+ return new RedirectResponse(LinkHandler::getInstance()->getLink('Media', $args), 302);
+ }
 }
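Review bot: In `readParameters()` the values of `$_REQUEST['id']`, `$_REQUEST['title']` and `$_REQUEST['thumbnail']` are copied into `$args` after only an `isset()` test, so an array-valued parameter reaches `LinkHandler::getInstance()->getLink('Media', $args)` unchanged. Skipping the media lookup is a sound choice, because the same commit adds this controller to a list in `EnforceAcpAuthentication` that appears to exempt it from ACP login, but a type guard needs no lookup: `if (isset($_REQUEST['id']) && \is_scalar($_REQUEST['id'])) {`, and likewise for the other two keys. How `getLink()` treats a non-scalar value is not visible in this diff, so the guard is defensive rather than a confirmed fix. The comment above the checks reads as if leaking were the goal; I would write `// Parameters are forwarded unchanged and no media object is loaded, so the redirect reveals nothing about stored media.`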
diff --git a/wcfsetup/install/files/lib/http/middleware/EnforceAcpAuthentication.class.php b/wcfsetup/install/files/lib/http/middleware/EnforceAcpAuthentication.class.php
index 36ac465b44..84878145cb 100644
--- a/wcfsetup/install/files/lib/http/middleware/EnforceAcpAuthentication.class.php
+++ b/wcfsetup/install/files/lib/http/middleware/EnforceAcpAuthentication.class.php
@@ -12,6 +12,7 @@ use wcf\acp\action\FullLogoutAction;
 use wcf\acp\form\LoginForm;
 use wcf\acp\form\MultifactorAuthenticationForm;
 use wcf\acp\form\ReauthenticationForm;
+use wcf\acp\page\MediaPage;
 use wcf\action\AJAXInvokeAction;
 use wcf\data\acp\session\access\log\ACPSessionAccessLogEditor;
 use wcf\data\acp\session\log\ACPSessionLog;
@@ -41,6 +42,7 @@ final class EnforceAcpAuthentication implements MiddlewareInterface
 ReauthenticationForm::class,
 FullLogoutAction::class,
 MultifactorAuthenticationForm::class,
+ MediaPage::class,
 ];
 /**
diff --git a/wcfsetup/install/files/lib/http/middleware/RedirectMediaToFrontend.class.php b/wcfsetup/install/files/lib/http/middleware/RedirectMediaToFrontend.class.php
deleted file mode 100644
index e63eb14058..0000000000
--- a/wcfsetup/install/files/lib/http/middleware/RedirectMediaToFrontend.class.php
+++ /dev/null
@@ -1,47 +0,0 @@
-
- * @since 6.1
- */
-final class RedirectMediaToFrontend implements MiddlewareInterface
-{
- #[\Override]
- public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
- {
- if (!RequestHandler::getInstance()->isACPRequest()) {
- return $handler->handle($request);
- }
-
- if (WCFACP::inRescueMode()) {
- return $handler->handle($request);
- }
-
- $controller = RequestHandler::getInstance()->getActiveRequest()->getClassName();
- if ($controller !== MediaPage::class) {
- return $handler->handle($request);
- }
-
- return new RedirectResponse(
- $request->getUri()->withPath(
- \str_replace('/acp', '', $request->getUri()->getPath())
- ),
- 301
- );
- }
-}
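Review bot: The new `MediaPage::class` entry in the second hunk of `EnforceAcpAuthentication.class.php` carries no explanation, although it joins `ReauthenticationForm::class`, `FullLogoutAction::class` and `MultifactorAuthenticationForm::class` in what looks like the set of controllers served without an authenticated ACP session. The constant's name and the check that reads it are outside the hunk, so that reading is inferred from the other entries. If it holds, the exemption is only safe while `wcf\acp\page\MediaPage` does nothing except redirect, and nothing at this line tells the next maintainer so. I would add a comment on the entry, for example `// Redirect-only controller: it must never load or output media, because it runs before ACP authentication.`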
diff --git a/wcfsetup/install/files/lib/system/request/RequestHandler.class.php b/wcfsetup/install/files/lib/system/request/RequestHandler.class.php
index 29e50d4085..ddd21490b1 100644
--- a/wcfsetup/install/files/lib/system/request/RequestHandler.class.php
+++ b/wcfsetup/install/files/lib/system/request/RequestHandler.class.php
@@ -31,7 +31,6 @@ use wcf\http\middleware\HandleStartupErrors;
 use wcf\http\middleware\HandleValinorMappingErrors;
 use wcf\http\middleware\JsonBody;
 use wcf\http\middleware\PreventMimeSniffing;
-use wcf\http\middleware\RedirectMediaToFrontend;
 use wcf\http\middleware\TriggerBackgroundQueue;
 use wcf\http\middleware\VaryAcceptLanguage;
 use wcf\http\middleware\Xsrf;
@@ -142,7 +141,6 @@ final class RequestHandler extends SingletonFactory
 new Xsrf(),
 new CheckSystemEnvironment(),
 new CheckUserBan(),
- new RedirectMediaToFrontend(),
 new EnforceAcpAuthentication(),
 new CheckForEnterpriseNonOwnerAccess(),
 new CheckForExpiredAppEvaluation(),
--
2.20.1