aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions.php
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2015-04-11 16:41:20 +0200
committerMarc Alexander <admin@m-a-styles.de>2015-04-11 16:41:20 +0200
commitbca1b96b2e9235bbb4a3e7a104dd79e7f3761679 (patch)
tree64617560c2d7fcfe41b61b0cf90655662d49e83b /phpBB/includes/functions.php
parenteed355b798ec77ed8b67555087fc5866b522c5fc (diff)
downloadforums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar
forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar.gz
forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar.bz2
forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar.xz
forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.zip
[ticket/security-180] Make sure that redirect goes to full URL plus slash
SECURITY-180
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index f79a0a9e52..a6a98954de 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2580,7 +2580,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
}
// Make sure we don't redirect to external URLs
- if (!$disable_cd_check && strpos($url, generate_board_url(true)) !== 0)
+ if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
}
generated by cgit v1.2.1 (git 2.21.0) at 2024-05-20 07:11:22 +0000