mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-12 22:38:52 +00:00
some test code, hopefully working for all occassions where we are using the functions...
git-svn-id: file:///svn/phpbb/trunk@6487 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
parent
c2567c38ff
commit
23ef85fa74
2 changed files with 21 additions and 2 deletions
|
@ -1478,7 +1478,7 @@ function generate_board_url($without_script_path = false)
|
||||||
/**
|
/**
|
||||||
* Redirects the user to another page then exits the script nicely
|
* Redirects the user to another page then exits the script nicely
|
||||||
*/
|
*/
|
||||||
function redirect($url)
|
function redirect($url, $return = false)
|
||||||
{
|
{
|
||||||
global $db, $cache, $config, $user;
|
global $db, $cache, $config, $user;
|
||||||
|
|
||||||
|
@ -1554,6 +1554,17 @@ function redirect($url)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
|
||||||
|
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false || strpos($url, generate_board_url()) !== 0)
|
||||||
|
{
|
||||||
|
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($return)
|
||||||
|
{
|
||||||
|
return $url;
|
||||||
|
}
|
||||||
|
|
||||||
// Redirect via an HTML form for PITA webservers
|
// Redirect via an HTML form for PITA webservers
|
||||||
if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
|
if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
|
||||||
{
|
{
|
||||||
|
@ -1670,6 +1681,8 @@ function meta_refresh($time, $url)
|
||||||
{
|
{
|
||||||
global $template;
|
global $template;
|
||||||
|
|
||||||
|
$url = redirect($url, true);
|
||||||
|
|
||||||
$template->assign_vars(array(
|
$template->assign_vars(array(
|
||||||
'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
|
'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
|
||||||
);
|
);
|
||||||
|
|
|
@ -64,7 +64,8 @@ class session
|
||||||
$query_string = trim(implode('&', $args));
|
$query_string = trim(implode('&', $args));
|
||||||
|
|
||||||
// basenamed page name (for example: index.php)
|
// basenamed page name (for example: index.php)
|
||||||
$page_name = htmlspecialchars(basename($script_name));
|
$page_name = basename($script_name);
|
||||||
|
$page_name = urlencode(htmlspecialchars($page_name));
|
||||||
|
|
||||||
// current directory within the phpBB root (for example: adm)
|
// current directory within the phpBB root (for example: adm)
|
||||||
$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
|
$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
|
||||||
|
@ -112,6 +113,11 @@ class session
|
||||||
'page' => $page
|
'page' => $page
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (!file_exists($page_name))
|
||||||
|
{
|
||||||
|
trigger_error('You are on a page that does not exist!', E_USER_ERROR);
|
||||||
|
}
|
||||||
|
|
||||||
return $page_array;
|
return $page_array;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue