From 725e660ac61a8d40421527c691e4f1c8048ef174 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.me>
Date: Fri, 13 Nov 2020 09:21:26 +0100
Subject: [PATCH] Set canonical tag only with whitelisted parameters

---
 www/onions.php | 12 +++++++++++-
 www/test.php   |  6 +++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/www/onions.php b/www/onions.php
index 6df5442..2c84d61 100644
--- a/www/onions.php
+++ b/www/onions.php
@@ -55,6 +55,16 @@ function send_html(){
 		$I['lastadded']=>"address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing)',
 		$I['offline']=>"address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff>604800'
 	];
+	$canonical_query = [];
+	if(!empty($_REQUEST['cat'])) {
+		$canonical_query['cat'] = $_REQUEST['cat'];
+	}
+	if(!empty($_REQUEST['pg'])) {
+		$canonical_query['pg'] = $_REQUEST['pg'];
+	}
+	if(!empty($_REQUEST['lang'])) {
+		$canonical_query['lang'] = $_REQUEST['lang'];
+	}
 	if(!isset($_REQUEST['pg'])){
 		$_REQUEST['pg']=1;
 	}else{
@@ -111,7 +121,7 @@ function send_html(){
 	echo '<meta name="author" content="Daniel Winzen">';
 	echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
 	echo '<meta name="description" content="Huge link list of Tor hidden service onions. All the darknet links you need in one place.">';
-	echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']) . '">';
+	echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . (empty($canonical_query) ? '' : '?' . http_build_query($canonical_query)) . '">';
 	echo '<style type="text/css">'.$style.'</style>';
 	echo '<base rel="noopener" target="_blank">';
 	echo '</head><body><main>';
diff --git a/www/test.php b/www/test.php
index ea7ee0b..e8ccbf7 100644
--- a/www/test.php
+++ b/www/test.php
@@ -2,13 +2,17 @@
 require_once(__DIR__.'/../common_config.php');
 $style = '.red{color:red}.green{color:green}.software-link{text-align:center;font-size:small}.list{padding:0;}.list li{display:inline-block;padding:0.35em}';
 send_headers([$style]);
+$canonical_query = [];
+if(!empty($_REQUEST['lang'])) {
+	$canonical_query['lang'] = $_REQUEST['lang'];
+}
 echo '<!DOCTYPE html><html lang="'.$language.'"><head>';
 echo "<title>$I[testtitle]</title>";
 echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
 echo '<meta name="author" content="Daniel Winzen">';
 echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
 echo '<meta name="description" content="Test whether a Tor hidden service onion is online or offline">';
-echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
+echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . (empty($canonical_query) ? '' : '?' . http_build_query($canonical_query)) . '">';
 echo '<style type="text/css">'.$style.'</style>';
 echo '</head><body><main>';
 echo "<h1>$I[testtitle]</h1>";