diff options
author | Joas Schilling <nickvergessen@gmx.de> | 2015-04-11 17:08:28 +0200 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2015-04-11 17:08:28 +0200 |
commit | ee658bfe7bd284573d199c3c2a76007c5509695d (patch) | |
tree | 5252d1b2b57a246f9bb456cc7aa0c604d8a9a8a4 /phpBB/includes/functions.php | |
parent | bca1b96b2e9235bbb4a3e7a104dd79e7f3761679 (diff) | |
download | forums-ee658bfe7bd284573d199c3c2a76007c5509695d.tar forums-ee658bfe7bd284573d199c3c2a76007c5509695d.tar.gz forums-ee658bfe7bd284573d199c3c2a76007c5509695d.tar.bz2 forums-ee658bfe7bd284573d199c3c2a76007c5509695d.tar.xz forums-ee658bfe7bd284573d199c3c2a76007c5509695d.zip |
[ticket/security-180] Always fail when redirecting to an insecure URL
SECURITY-180
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r-- | phpBB/includes/functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a6a98954de..f2bc63cf23 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2492,7 +2492,7 @@ function redirect($url, $return = false, $disable_cd_check = false) // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) if (!$disable_cd_check && $url_parts['host'] !== $user->host) { - $url = generate_board_url(); + trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); } } else if ($url[0] == '/') |