makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security-180] Merge if statement with previous one in 3.1.x

Browse source 
SECURITY-180
This commit is contained in:
Marc Alexander 2015-04-11 16:48:57 +02:00 committed by Andreas Fischer
parent 89723b17d9
commit ec207d0a71
1 changed files with 1 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
phpBB/includes/functions.php
View file

@ -2347,15 +2347,9 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Clean URL and check if we go outside the forum directory // Clean URL and check if we go outside the forum directory
$url = $phpbb_path_helper->clean_url($url); $url = $phpbb_path_helper->clean_url($url);
if (!$disable_cd_check && strpos($url, generate_board_url(true)) === false)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
}
// Make sure we don't redirect to external URLs
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{ {
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
} }
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2