diff options
author | Marc Alexander <admin@m-a-styles.de> | 2015-04-11 16:47:50 +0200 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2015-04-28 22:08:15 +0200 |
commit | 89723b17d9c0a2984bcd52e41d8aabbbe03528d9 (patch) | |
tree | 3b066e6e2a86a3057ea53b2df0fdb81ca332b913 /phpBB | |
parent | 969718fc91cc2343332d0b89d9e842a8a1c2c1d3 (diff) | |
parent | bca1b96b2e9235bbb4a3e7a104dd79e7f3761679 (diff) | |
download | forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar.gz forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar.bz2 forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.tar.xz forums-89723b17d9c0a2984bcd52e41d8aabbbe03528d9.zip |
Merge branch 'ticket/security-180' into ticket/security-180-asc
Conflicts:
tests/security/redirect_test.php
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/functions.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 4fdeb12d3a..0cf1ab0f24 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2352,6 +2352,12 @@ function redirect($url, $return = false, $disable_cd_check = false) trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } + // Make sure we don't redirect to external URLs + if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) + { + trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); + } + // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false) { |