From ee658bfe7bd284573d199c3c2a76007c5509695d Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Sat, 11 Apr 2015 17:08:28 +0200
Subject: [ticket/security-180] Always fail when redirecting to an insecure URL

SECURITY-180
---
 phpBB/includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/includes/functions.php')

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index a6a98954de..f2bc63cf23 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2492,7 +2492,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
 		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 		{
-			$url = generate_board_url();
+			trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
 		}
 	}
 	else if ($url[0] == '/')
-- 
cgit v1.2.1