From 81886c0eae6857d0b00ffbf1ed8c40ace8e88d57 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 28 Jun 2008 15:07:37 +0000 Subject: [PATCH] New parameter for redirect() to circumvent the cross-domain check. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8674 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 10 +++++++--- phpBB/viewforum.php | 4 +++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 50e8b8b7fb..be3dac3449 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1802,8 +1802,12 @@ function generate_board_url($without_script_path = false) /** * Redirects the user to another page then exits the script nicely * This function is intended for urls within the board. It's not meant to redirect to cross-domains. +* +* @param string $url The url to redirect to +* @param bool $return If true, do not redirect but return the sanitized URL. Default is no return. +* @param bool $disable_cd_check If true, redirect() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false. */ -function redirect($url, $return = false) +function redirect($url, $return = false, $disable_cd_check = false) { global $db, $cache, $config, $user, $phpbb_root_path; @@ -1830,8 +1834,8 @@ function redirect($url, $return = false) } else if (!empty($url_parts['scheme']) && !empty($url_parts['host'])) { - // Attention: only able to redirect within the same domain (yourdomain.com -> www.yourdomain.com will not work) - if ($url_parts['host'] !== $user->host) + // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) + if (!$disable_cd_check && $url_parts['host'] !== $user->host) { $url = generate_board_url(); } diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index e8e6fab47a..12a6d940d1 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -107,7 +107,9 @@ if ($forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link']) $db->sql_query($sql); } - redirect($forum_data['forum_link']); + // We redirect to the url. The third parameter indicates that external redirects are allowed. + redirect($forum_data['forum_link'], false, true); + exit; } // Build navigation links