mirror of
https://github.com/phpbb/phpbb.git
synced 2025-09-18 03:52:10 +02:00
Compare commits
5 Commits
release-3.
...
release-3.
| Author | SHA1 | Date | |
|---|---|---|---|
|
1a3350619f | ||
|
18fc621d73 | ||
|
ee658bfe7b | ||
|
|
bca1b96b2e | ||
|
|
eed355b798 |
@@ -2492,7 +2492,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
|
||||
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
|
||||
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
|
||||
{
|
||||
$url = generate_board_url();
|
||||
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
|
||||
}
|
||||
}
|
||||
else if ($url[0] == '/')
|
||||
@@ -2579,6 +2579,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
|
||||
}
|
||||
}
|
||||
|
||||
// Make sure we don't redirect to external URLs
|
||||
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
|
||||
{
|
||||
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
|
||||
}
|
||||
|
||||
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
|
||||
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
|
||||
{
|
||||
|
||||
@@ -18,12 +18,17 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
|
||||
{
|
||||
// array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
|
||||
return array(
|
||||
array('data://x', false, 'http://localhost/phpBB'),
|
||||
array('data://x', 'Tried to redirect to potentially insecure url.', false),
|
||||
array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false),
|
||||
array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
|
||||
array('http://www.otherdomain.com/somescript.php', 'Tried to redirect to potentially insecure url.', false),
|
||||
array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false),
|
||||
array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'),
|
||||
array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false),
|
||||
array('https://foobar.com\@http://localhost/phpBB', 'Tried to redirect to potentially insecure url.', false),
|
||||
array('https://foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
|
||||
array('http://localhost.foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
|
||||
array('http://localhost/phpBB', false, 'http://localhost/phpBB'),
|
||||
array('http://localhost/phpBB/', false, 'http://localhost/phpBB/'),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user