| author | Marc Alexander <admin@m-a-styles.de> | 2018-10-10 22:49:08 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2018-10-10 22:49:08 +0200 |
| commit | 40332ecfcc661284847758acea8d30744e5bfe6e (patch) | |
| tree | adaca100d429465f49807a994d7f0c708d2ee187 | |
| parent | 937c02966537a7745bf14ffa0134dc89bcf5484f (diff) | |
| parent | d29d4389f9efdec4986c62052df7cd8a87135645 (diff) | |
| download | forums-40332ecfcc661284847758acea8d30744e5bfe6e.tar forums-40332ecfcc661284847758acea8d30744e5bfe6e.tar.gz forums-40332ecfcc661284847758acea8d30744e5bfe6e.tar.bz2 forums-40332ecfcc661284847758acea8d30744e5bfe6e.tar.xz forums-40332ecfcc661284847758acea8d30744e5bfe6e.zip | |
Merge pull request #5374 from senky/ticket/15758
[ticket/15758] Show translated msg for INSECURE_REDIRECT
| -rw-r--r-- | phpBB/includes/functions.php | 10 | ||||
| -rw-r--r-- | tests/security/redirect_test.php | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index a612406e5c..b2e82574e0 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1744,14 +1744,14 @@ function redirect($url, $return = false, $disable_cd_check = false)
 if ($url_parts === false)
 {
 // Malformed url
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
 {
 // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
 if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 }
 else if ($url[0] == '/')
@@ -1791,13 +1791,13 @@ function redirect($url, $return = false, $disable_cd_check = false)
 if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 // Now, also check the protocol and for a valid url the last time...
@@ -1806,7 +1806,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
 {
- trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
+ trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
 }
 /**
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 40cb7d2f04..0177eb4259 100644
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -109,7 +109,7 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 if ($expected_error !== false)
 {
- $this->setExpectedTriggerError(E_USER_ERROR, $user->lang[$expected_error]);
+ $this->setExpectedTriggerError(E_USER_WARNING, $user->lang[$expected_error]);
 }
 $result = redirect($test, true, $disable_cd_check); |
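Review bot: Every rejection branch of redirect() in phpBB/includes/functions.php now raises `E_USER_WARNING`, which PHP itself does not treat as fatal, so whether the redirect is actually stopped depends on the registered error handler ending the request. If that handler is not installed or returns (it is not visible on this page), execution would presumably fall through `trigger_error('INSECURE_REDIRECT', E_USER_WARNING);` and carry on with a URL that just failed the host, line-break or scheme check. I would state the assumption in a comment above the first check, e.g. `// The error handler must not return for E_USER_WARNING: the checks below rely on it to abort the redirect`, or put an explicit stop after each call. The updated test in tests/security/redirect_test.php asserts only the error level and message, so it probably would not reveal a fall-through. redirect() starts and ends outside these hunks.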
