Bug #56965 - Allow redirect() to redirect across directories.

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10536 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-08-08 17:56:52 +02:00 · 2010-02-25 00:18:30 +00:00
parent 8f5155d272
commit 9e64c3bd84
2 changed files with 14 additions and 0 deletions
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2336,6 +2336,19 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Relative uri
 		$pathinfo = pathinfo($url);

+		if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+		{
+			$url = str_replace('../', '', $url);
+			$pathinfo = pathinfo($url);
+
+			if (!file_exists($pathinfo['dirname']))
+			{
+				// fallback to "last known user page"
+				$url = generate_board_url() . '/' . $user->page['page'];
+				break;
+			}
+		}
+
 		// Is the uri pointing to the current directory?
 		if ($pathinfo['dirname'] == '.')
 		{