diff options
author | Marc Alexander <admin@m-a-styles.de> | 2015-04-11 16:41:20 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2015-04-11 16:41:20 +0200 |
commit | bca1b96b2e9235bbb4a3e7a104dd79e7f3761679 (patch) | |
tree | 64617560c2d7fcfe41b61b0cf90655662d49e83b /phpBB/includes/functions.php | |
parent | eed355b798ec77ed8b67555087fc5866b522c5fc (diff) | |
download | forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar.gz forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar.bz2 forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.tar.xz forums-bca1b96b2e9235bbb4a3e7a104dd79e7f3761679.zip |
[ticket/security-180] Make sure that redirect goes to full URL plus slash
SECURITY-180
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r-- | phpBB/includes/functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index f79a0a9e52..a6a98954de 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2580,7 +2580,7 @@ function redirect($url, $return = false, $disable_cd_check = false) } // Make sure we don't redirect to external URLs - if (!$disable_cd_check && strpos($url, generate_board_url(true)) !== 0) + if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) { trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); } |