author | Josh Woody <a_jelly_doughnut@phpbb.com> | 2010-02-25 00:18:30 +0000 |
---|---|---|
committer | Josh Woody <a_jelly_doughnut@phpbb.com> | 2010-02-25 00:18:30 +0000 |
commit | 9e64c3bd84b9b595da54c6463e068ca8b84e1ee0 (patch) | |
tree | aa85a67d44700125848069e2d68c2782a28aa9f3 | |
parent | 8f5155d272f53c538d4a3df113207d57004e0bf2 (diff) | |
Bug #56965 - Allow redirect() to redirect across directories.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10536 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index bbd6259ae7..b0f1bd518d 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -95,6 +95,7 @@
 <li>[Fix] Take admin's time zone settings into account when listing database backup files. (Bug #57385)</li>
 <li>[Fix] Honor minimum and maximum password length in generated passwords as much as we can. (Bug #13181)</li>
 <li>[Fix] No longer return the character O in generated random strings and passwords. (Bug #57345)</li>
+ <li>[Fix] Allow redirect() function to redirect across directories. (Bug #56965)</li>
 <li>[Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)</li>
 </ul>
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 364c8f4e9e..38f910974a 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2336,6 +2336,19 @@ function redirect($url, $return = false, $disable_cd_check = false)
 // Relative uri
 $pathinfo = pathinfo($url);
+ if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+ {
+ $url = str_replace('../', '', $url);
+ $pathinfo = pathinfo($url);
+
+ if (!file_exists($pathinfo['dirname']))
+ {
+ // fallback to "last known user page"
+ $url = generate_board_url() . '/' . $user->page['page'];
+ break;
+ }
+ }
+
 // Is the uri pointing to the current directory?
 if ($pathinfo['dirname'] == '.')
 { |
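Review bot: The added `str_replace('../', '', $url)` removes `../` in a single pass, so a target written as `....//x` comes out as `../x` and the rewritten URL still contains the sequence the line is meant to strip; repeating the replacement until nothing changes avoids that, e.g. `do { $url = str_replace('../', '', $url, $n); } while ($n);`. Both `file_exists($pathinfo['dirname'])` calls resolve against the PHP process's working directory, not the board root, so the result depends on which script called redirect() and the check probes the filesystem with a caller-supplied path; a comment stating that assumption, or anchoring the path on the board root, would make the intent reviewable. The `break;` in the fallback branch needs an enclosing loop or switch that is not visible in this hunk; if this is a plain if/else branch PHP stops with a fatal error instead of redirecting, so that should be confirmed. redirect()'s body starts and ends outside the hunk.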