mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-09 17:16:20 +02:00
Code Issues Releases Wiki Activity

Issue #1378 - OpenID login failing.

Browse Source
This commit is contained in:
Cameron
2016-02-28 12:22:13 -08:00
parent 7127339553
commit b036ea8d25
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
e107_handlers/e107_class.php
View File

@ -3211,8 +3211,6 @@ class e107
{ {
if(($key == "QUERY_STRING") && ( if(($key == "QUERY_STRING") && (
strpos(strtolower($input),"../../")!==FALSE strpos(strtolower($input),"../../")!==FALSE
|| strpos(strtolower($input),"=http")!==FALSE
|| strpos(strtolower($input),strtolower("http%3A%2F%2F"))!==FALSE
|| strpos(strtolower($input),"php:")!==FALSE || strpos(strtolower($input),"php:")!==FALSE
|| strpos(strtolower($input),"data:")!==FALSE || strpos(strtolower($input),"data:")!==FALSE
|| strpos(strtolower($input),strtolower("%3Cscript"))!==FALSE || strpos(strtolower($input),strtolower("%3Cscript"))!==FALSE
@ -3227,6 +3225,20 @@ class e107
exit(); exit();
} }
if(($key == "QUERY_STRING") && empty($_GET['hauth.done']) && ( // exception for hybridAuth.
strpos(strtolower($input),"=http")!==FALSE
|| strpos(strtolower($input),strtolower("http%3A%2F%2F"))!==FALSE
))
{
header('HTTP/1.0 400 Bad Request', true, 400);
if(deftrue('e_DEBUG'))
{
echo "Bad Request: ".__METHOD__." : ". __LINE__;
}
exit();
}
if(($key == "HTTP_USER_AGENT") && strpos($input,"libwww-perl")!==FALSE) if(($key == "HTTP_USER_AGENT") && strpos($input,"libwww-perl")!==FALSE)
{ {
header('HTTP/1.0 400 Bad Request', true, 400); header('HTTP/1.0 400 Bad Request', true, 400);