Merge branch '3.1.x'

* 3.1.x: [ticket/security-180] Use language variable for redirect error in 3.1+ [ticket/security-180] Merge if statement with previous one in 3.1.x [ticket/security-180] Add tests for redirecting to main URL [ticket/security-180] Always fail when redirecting to an insecure URL [ticket/security-180] Make sure that redirect goes to full URL plus slash [ticket/security-180] Check if redirect URL contains board URL
author: Andreas Fischer <bantu@phpbb.com> 2015-04-28 22:17:51 +0200
committer: Andreas Fischer <bantu@phpbb.com> 2015-04-28 22:17:51 +0200
commit: 39f1e8c009e35caac4e6490e4f94333c8571f57b (patch)
tree: b4c07ecef4b82a731982941555da055d344dc60f
parent: ae2707db1341b8150dbbadde93aa847f15ba3ef2 (diff)
parent: 95add752b74bf8c24f88e81799aa0f43341ea90b (diff)
download: forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar
forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar.gz
forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar.bz2
forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar.xz
forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.zip
2 files changed, 10 insertions, 5 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 76b974d0ce..98b5af372a 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1740,7 +1740,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
 		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 		{
-			$url = generate_board_url();
+			trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
 		}
 	}
 	else if ($url[0] == '/')
@@ -1778,7 +1778,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 	// Clean URL and check if we go outside the forum directory
 	$url = $phpbb_path_helper->clean_url($url);
 
-	if (!$disable_cd_check && strpos($url, generate_board_url(true)) === false)
+	if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
 	{
 		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
 	}
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 3c67a1e98a..62781f3ee6 100644
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -23,9 +23,9 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 	{
 		// array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
 		return array(
-			array('data://x', false, false, 'http://localhost/phpBB'),
+			array('data://x', false, 'INSECURE_REDIRECT', false),
 			array('bad://localhost/phpBB/index.php', false, 'INSECURE_REDIRECT', false),
-			array('http://www.otherdomain.com/somescript.php', false, false, 'http://localhost/phpBB'),
+			array('http://www.otherdomain.com/somescript.php', false, 'INSECURE_REDIRECT', false),
 			array("http://localhost/phpBB/memberlist.php\n\rConnection: close", false, 'INSECURE_REDIRECT', false),
 			array('javascript:test', false, false, 'http://localhost/phpBB/javascript:test'),
 			array('http://localhost/phpBB/index.php;url=', false, 'INSECURE_REDIRECT', false),
@@ -51,6 +51,11 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 			array('../index.php', false, false, 'http://localhost/index.php'),
 			array('../index.php', true, false, 'http://localhost/index.php'),
 			array('./index.php', false, false, 'http://localhost/phpBB/index.php'),
+			array('https://foobar.com\@http://localhost/phpBB', false, 'INSECURE_REDIRECT', false),
+			array('https://foobar.com\@localhost/troll/http://localhost/', false, 'INSECURE_REDIRECT', false),
+			array('http://localhost.foobar.com\@localhost/troll/http://localhost/', false, 'INSECURE_REDIRECT', false),
+			array('http://localhost/phpBB', false, false, 'http://localhost/phpBB'),
+			array('http://localhost/phpBB/', false, false, 'http://localhost/phpBB/'),
 		);
 	}
 
@@ -105,7 +110,7 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 
 		if ($expected_error !== false)
 		{
-			$this->setExpectedTriggerError(E_USER_ERROR, $expected_error);
+			$this->setExpectedTriggerError(E_USER_ERROR, $user->lang[$expected_error]);
 		}
 
 		$result = redirect($test, true, $disable_cd_check);
author	Andreas Fischer <bantu@phpbb.com>	2015-04-28 22:17:51 +0200
committer	Andreas Fischer <bantu@phpbb.com>	2015-04-28 22:17:51 +0200
commit	39f1e8c009e35caac4e6490e4f94333c8571f57b (patch)
tree	b4c07ecef4b82a731982941555da055d344dc60f
parent	ae2707db1341b8150dbbadde93aa847f15ba3ef2 (diff)
parent	95add752b74bf8c24f88e81799aa0f43341ea90b (diff)
download	forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar.gz forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar.bz2 forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.tar.xz forums-39f1e8c009e35caac4e6490e4f94333c8571f57b.zip