author | Meik Sievertsen <acydburn@phpbb.com> | 2006-03-13 18:05:12 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-03-13 18:05:12 +0000 |
commit | d85c4e73ed21d14e53ad870cca98381a751a0ec0 (patch) | |
tree | d5c41643ed46b958370c5b82f7077c2252239ae3 /phpBB/includes/functions.php | |
parent | 939b9c28baf60b73dcd8d8daeec02e1f29d37acd (diff) | |
- added users activity load setting
git-svn-id: file:///svn/phpbb/trunk@5624 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r-- | phpBB/includes/functions.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 569f3d08a9..a646cfcd7c 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1153,10 +1153,12 @@ function redirect($url)
 $url = generate_board_url() . '/' . $url;
 }
 
- /**
- * Make sure no HTTP Response Splitting attacks are possible
- */
-
+ // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
+ if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false)
+ {
+ trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+ }
+
 // Redirect via an HTML form for PITA webservers
 if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
 { |
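Review bot: The new CR/LF guard in redirect() only stops the redirect if the registered `E_USER_ERROR` handler ends the request. Nothing in the hunk exits after `trigger_error()`, so if that handler returns (it is not visible here), the rejected `$url` would still reach the code below. Either confirm the handler halts or add an explicit `exit;` inside the `if` block after the call. The condition also decodes `$url` twice; decoding once into a local, `$decoded = urldecode($url);`, and testing `strpos($decoded, "\n") !== false || strpos($decoded, "\r") !== false` is easier to audit. The comment scopes the check to PHP < 4.4.2, but the HTML-form fallback that follows presumably writes `$url` into markup, so it is worth noting that the check should stay on newer PHP too; redirect()'s body starts and ends outside the hunk.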