makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-12 22:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security-180] Use language variable for redirect error in 3.1+

Browse source 
SECURITY-180
This commit is contained in:
Marc Alexander 2015-04-24 15:09:30 +02:00 committed by Andreas Fischer
parent 416728fc17
commit d7c96cc60c
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/functions.php
View file

@ -2309,7 +2309,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host) if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{ {
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
} }
} }
else if ($url[0] == '/') else if ($url[0] == '/')