From bc80703c13d20859d0f22751ff05e9426c5ee262 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Wed, 26 Sep 2007 17:00:08 +0000
Subject: [PATCH] #i66
git-svn-id: file:///svn/phpbb/trunk@8114 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 60d4297ff4..d4368d5ebf 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1816,6 +1816,15 @@ function redirect($url, $return = false)
 trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
 }
 
+// Now, also check the protocol and for a valid url the last time...
+$allowed_protocols = array('http', 'https', 'ftp', 'ftps');
+$url_parts = parse_url($url);
+
+if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
+{
+trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+}
+
 if ($return)
 {
 return $url;
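Review bot: The scheme allowlist on the new `if` line compares `$url_parts['scheme']` case-sensitively and with a loose `in_array`, so a URL written as `HTTP://...` is rejected even though URL schemes are case-insensitive, while the loose comparison is a standing review flag for a security check. Normalising the scheme and comparing strictly keeps the fail-closed behaviour without the false positive: `if ($url_parts === false || empty($url_parts['scheme']) || !in_array(strtolower($url_parts['scheme']), $allowed_protocols, true))`. The same `'Tried to redirect to potentially insecure url.'` literal now appears twice in `redirect()`; hoisting it into a local would keep the two error paths from drifting apart. Whether a scheme-less (relative) `$url` can still reach this point is decided by code before the hunk, which I cannot see; if it can, this check will reject it with the same message, which is worth confirming against the callers. `redirect()` starts and ends outside the hunk.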