diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2007-09-26 17:00:08 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-09-26 17:00:08 +0000 |
| commit | bc80703c13d20859d0f22751ff05e9426c5ee262 (patch) | |
| tree | 51e51105ff2b9fde21be6730bd6c1466134a7985 | |
| parent | b2afdc0704e2c827e0174a113ea105a551b15039 (diff) | |
| download | forums-bc80703c13d20859d0f22751ff05e9426c5ee262.tar forums-bc80703c13d20859d0f22751ff05e9426c5ee262.tar.gz forums-bc80703c13d20859d0f22751ff05e9426c5ee262.tar.bz2 forums-bc80703c13d20859d0f22751ff05e9426c5ee262.tar.xz forums-bc80703c13d20859d0f22751ff05e9426c5ee262.zip | |
#i66
git-svn-id: file:///svn/phpbb/trunk@8114 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/includes/functions.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 60d4297ff4..d4368d5ebf 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1816,6 +1816,15 @@ function redirect($url, $return = false) trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); } + // Now, also check the protocol and for a valid url the last time... + $allowed_protocols = array('http', 'https', 'ftp', 'ftps'); + $url_parts = parse_url($url); + + if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols)) + { + trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); + } + if ($return) { return $url; |