author | Jakub Senko <jakubsenko@gmail.com> | 2018-09-25 14:42:03 +0200 |
---|---|---|
committer | Jakub Senko <jakubsenko@gmail.com> | 2018-09-28 12:27:55 +0200 |
commit | d29d4389f9efdec4986c62052df7cd8a87135645 (patch) | |
tree | 4d38f0c1a48152482f3c84c2cf11a95524653b95 | |
parent | 001f32da95d4f8697ccc9a6107afc8dc68cbe48e (diff) | |
[ticket/15758] Show translated msg for INSECURE_REDIRECT
PHPBB3-15758
-rw-r--r-- | phpBB/includes/functions.php | 10 | ||||
-rw-r--r-- | tests/security/redirect_test.php | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 1457888c9f..5351db31f6 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1744,14 +1744,14 @@ function redirect($url, $return = false, $disable_cd_check = false)
 if ($url_parts === false)
 {
 // Malformed url
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
 {
 // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
 if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 }
 else if ($url[0] == '/')
@@ -1791,13 +1791,13 @@ function redirect($url, $return = false, $disable_cd_check = false)
 if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 // Now, also check the protocol and for a valid url the last time...
@@ -1806,7 +1806,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 /**
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 40cb7d2f04..0177eb4259 100644
--- a/tests/security/redirect_test.php
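Review bot: Downgrading these `trigger_error('INSECURE_REDIRECT', ...)` calls to `E_USER_WARNING` means every check in `redirect()` now fails closed only if the registered error handler stops the request on user warnings. PHP itself returns from `trigger_error()` and carries on after a warning, whereas an unhandled `E_USER_ERROR` ends the script. The handler is not visible in this diff, so I would state the dependency at the first call in the `$url_parts === false` branch, e.g. `// Relies on the error handler halting on E_USER_WARNING; otherwise the redirect below still runs`. The same applies to the calls in the hunks at 1791 and 1806. If any caller can reach `redirect()` before that handler is installed, an explicit stop after the call would be safer than relying on the error level; `redirect()` starts and ends outside these hunks.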
+++ b/tests/security/redirect_test.php
@@ -109,7 +109,7 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 if ($expected_error !== false)
 {
- $this->setExpectedTriggerError(E_USER_ERROR, $user->lang[$expected_error]);
+ $this->setExpectedTriggerError(E_USER_WARNING, $user->lang[$expected_error]);
 }
 $result = redirect($test, true, $disable_cd_check); |