aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2015-04-11 16:47:50 +0200
committerAndreas Fischer <bantu@phpbb.com>2015-04-28 22:08:15 +0200
commit89723b17d9c0a2984bcd52e41d8aabbbe03528d9 (patch)
tree3b066e6e2a86a3057ea53b2df0fdb81ca332b913
parent969718fc91cc2343332d0b89d9e842a8a1c2c1d3 (diff)
parentbca1b96b2e9235bbb4a3e7a104dd79e7f3761679 (diff)
downloadforums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar
forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar.gz
forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar.bz2
forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar.xz
forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.zip
Merge branch 'ticket/security-180' into ticket/security-180-asc
Conflicts: tests/security/redirect_test.php
Diffstat
-rw-r--r--phpBB/includes/functions.php6
-rw-r--r--tests/security/redirect_test.php3
2 files changed, 9 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 4fdeb12d3a..0cf1ab0f24 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2352,6 +2352,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
}
+ // Make sure we don't redirect to external URLs
+ if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
+ {
+ trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+ }
+
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 21fb103ed1..0631365292 100644
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -51,6 +51,9 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
array('../index.php', false, false, 'http://localhost/index.php'),
array('../index.php', true, false, 'http://localhost/index.php'),
array('./index.php', false, false, 'http://localhost/phpBB/index.php'),
+ array('https://foobar.com\@http://localhost/phpBB', false, false, 'http://localhost/phpBB'),
+ array('https://foobar.com\@localhost/troll/http://localhost/', false, 'INSECURE_REDIRECT', false),
+ array('http://localhost.foobar.com\@localhost/troll/http://localhost/', false, 'INSECURE_REDIRECT', false),
);
}
generated by cgit v1.2.1 (git 2.21.0) at 2024-11-28 19:34:51 +0000