makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/15758] Show translated msg for INSECURE_REDIRECT

Browse source 
PHPBB3-15758
This commit is contained in:
Jakub Senko 2018-09-25 14:42:03 +02:00
parent 001f32da95
commit d29d4389f9
No known key found for this signature in database
GPG key ID: 6A7C328CD66EC21E
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
phpBB/includes/functions.php
View file

@ -1744,14 +1744,14 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false) if ($url_parts === false)
{ {
// Malformed url // Malformed url
trigger_error('INSECURE_REDIRECT', E_USER_ERROR); trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
} }
else if (!empty($url_parts['scheme']) && !empty($url_parts['host'])) else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{ {
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host) if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{ {
trigger_error('INSECURE_REDIRECT', E_USER_ERROR); trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
} }
} }
else if ($url[0] == '/') else if ($url[0] == '/')
@ -1791,13 +1791,13 @@ function redirect($url, $return = false, $disable_cd_check = false)
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{ {
trigger_error('INSECURE_REDIRECT', E_USER_ERROR); trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
} }
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false) if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{ {
trigger_error('INSECURE_REDIRECT', E_USER_ERROR); trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
} }
// Now, also check the protocol and for a valid url the last time... // Now, also check the protocol and for a valid url the last time...
@ -1806,7 +1806,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols)) if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{ {
trigger_error('INSECURE_REDIRECT', E_USER_ERROR); trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
} }
/** /**

2
tests/security/redirect_test.php
View file

@ -109,7 +109,7 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
if ($expected_error !== false) if ($expected_error !== false)
{ {
$this->setExpectedTriggerError(E_USER_ERROR, $user->lang[$expected_error]); $this->setExpectedTriggerError(E_USER_WARNING, $user->lang[$expected_error]);
} }
$result = redirect($test, true, $disable_cd_check); $result = redirect($test, true, $disable_cd_check);