From cd058dd9fe9f86aedb1d864ae78a17cd41003987 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Fri, 6 Jun 2008 11:27:51 +0000 Subject: [PATCH] Some xenophobia git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8611 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/docs/CHANGELOG.html | 2 +- phpBB/includes/functions.php | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 805a16ec69..1a896013d3 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -114,7 +114,7 @@
  • [Fix] corrected link for searching post author's other posts (Bug #26455)
  • [Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)
  • [Fix] Topic searches by author no longer return invalid results (Bug #11777)
    • - +
  • [Change] Don't allow redirects to different domains. (thanks nookieman)

    • 1.ii. Changes since 3.0.0

    diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ba12fd6e4e..43e89c10fa 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1829,7 +1829,10 @@ function redirect($url, $return = false) } else if (!empty($url_parts['scheme']) && !empty($url_parts['host'])) { - // Full URL + if ($url_parts['host'] !== $user->host) + { + $url = generate_board_url(true); + } } else if ($url[0] == '/') { @@ -2045,11 +2048,14 @@ function meta_refresh($time, $url) global $template; $url = redirect($url, true); + $url = str_replace('&', '&', $url); // For XHTML compatibility we change back & to & $template->assign_vars(array( - 'META' => '') + 'META' => '') ); + + return $url; } //Form validation @@ -2331,7 +2337,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa return; } - meta_refresh(3, $redirect); + $redirect = meta_refresh(3, $redirect); trigger_error($message . '

    ' . sprintf($l_redirect, '', '')); }