diff options
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index acb4690a48..d460497669 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2309,7 +2309,7 @@ function redirect($url, $return = false, $disable_cd_check = false) // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) if (!$disable_cd_check && $url_parts['host'] !== $user->host) { - $url = generate_board_url(); + trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } } else if ($url[0] == '/') @@ -2347,7 +2347,7 @@ function redirect($url, $return = false, $disable_cd_check = false) // Clean URL and check if we go outside the forum directory $url = $phpbb_path_helper->clean_url($url); - if (!$disable_cd_check && strpos($url, generate_board_url(true)) === false) + if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) { trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } @@ -2389,7 +2389,7 @@ function redirect($url, $return = false, $disable_cd_check = false) } // Redirect via an HTML form for PITA webservers - if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) + if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) { header('Refresh: 0; URL=' . $url); @@ -2544,13 +2544,19 @@ function phpbb_request_http_version() { global $request; + $version = ''; if ($request && $request->server('SERVER_PROTOCOL')) { - return $request->server('SERVER_PROTOCOL'); + $version = $request->server('SERVER_PROTOCOL'); } else if (isset($_SERVER['SERVER_PROTOCOL'])) { - return $_SERVER['SERVER_PROTOCOL']; + $version = $_SERVER['SERVER_PROTOCOL']; + } + + if (!empty($version) && is_string($version) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $version)) + { + return $version; } return 'HTTP/1.0'; @@ -2920,19 +2926,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa // Special cases... determine switch ($result['status']) { - case LOGIN_ERROR_ATTEMPTS: - - $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']); - $captcha->init(CONFIRM_LOGIN); - // $captcha->reset(); - - $template->assign_vars(array( - 'CAPTCHA_TEMPLATE' => $captcha->get_template(), - )); - - $err = $user->lang[$result['error_msg']]; - break; - case LOGIN_ERROR_PASSWORD_CONVERT: $err = sprintf( $user->lang[$result['error_msg']], @@ -2943,6 +2936,17 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa ); break; + case LOGIN_ERROR_ATTEMPTS: + + $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_LOGIN); + // $captcha->reset(); + + $template->assign_vars(array( + 'CAPTCHA_TEMPLATE' => $captcha->get_template(), + )); + // no break; + // Username, password, etc... default: $err = $user->lang[$result['error_msg']]; |