Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/functions.php9
1 files changed, 9 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 60d4297ff4..d4368d5ebf 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1816,6 +1816,15 @@ function redirect($url, $return = false)
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
}
+ // Now, also check the protocol and for a valid url the last time...
+ $allowed_protocols = array('http', 'https', 'ftp', 'ftps');
+ $url_parts = parse_url($url);
+
+ if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
+ {
+ trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+ }
+
if ($return)
{
return $url;
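Review bot: The added check around `parse_url($url)` constrains only the scheme, so on its own it does not stop a redirect to an arbitrary external host; whether the host is pinned earlier cannot be seen here, because redirect() begins and ends outside this hunk. `parse_url()` is documented as not validating URLs, so the comment's "valid url" overstates what is verified; `// Allow only known schemes; parse_url() does not validate the rest of the URL` would be more accurate. The scheme comparison is case-sensitive and non-strict, so `HTTP://…` is refused (it fails closed, but surprisingly); consider `!in_array(strtolower($url_parts['scheme']), $allowed_protocols, true)`. It is also worth confirming that `ftp` and `ftps` are really needed as targets of an HTTP redirect, and giving this branch an error message distinct from the check above it so logs show which test rejected the URL.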