From 23ef85fa74c07093a9f7de6879fabebc0aeed18f Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Thu, 12 Oct 2006 15:20:33 +0000
Subject: some test code, hopefully working for all occassions where we are
 using the functions...

git-svn-id: file:///svn/phpbb/trunk@6487 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'phpBB/includes/functions.php')

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 2666f013c5..4fbac96fe2 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1478,7 +1478,7 @@ function generate_board_url($without_script_path = false)
 /**
 * Redirects the user to another page then exits the script nicely
 */
-function redirect($url)
+function redirect($url, $return = false)
 {
 	global $db, $cache, $config, $user;
 
@@ -1554,6 +1554,17 @@ function redirect($url)
 		}
 	}
 
+	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
+	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false || strpos($url, generate_board_url()) !== 0)
+	{
+		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+	}
+
+	if ($return)
+	{
+		return $url;
+	}
+
 	// Redirect via an HTML form for PITA webservers
 	if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
 	{
@@ -1670,6 +1681,8 @@ function meta_refresh($time, $url)
 {
 	global $template;
 
+	$url = redirect($url, true);
+
 	$template->assign_vars(array(
 		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
 	);
-- 
cgit v1.2.1