mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-19 15:17:16 +01:00
Code Issues Releases Wiki Activity

Merge pull request #5374 from senky/ticket/15758

Browse Source 
[ticket/15758] Show translated msg for INSECURE_REDIRECT
This commit is contained in:
Marc Alexander 2018-10-10 22:49:08 +02:00
commit 40332ecfcc
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
phpBB/includes/functions.php
View File

@ -1744,14 +1744,14 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false)
{
// Malformed url
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
}
else if ($url[0] == '/')
@ -1791,13 +1791,13 @@ function redirect($url, $return = false, $disable_cd_check = false)
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
// Now, also check the protocol and for a valid url the last time...
@ -1806,7 +1806,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
/**

2
tests/security/redirect_test.php
View File

@ -109,7 +109,7 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
if ($expected_error !== false)
{
$this->setExpectedTriggerError(E_USER_ERROR, $user->lang[$expected_error]);
$this->setExpectedTriggerError(E_USER_WARNING, $user->lang[$expected_error]);
}
$result = redirect($test, true, $disable_cd_check);