diff options
| author | Andrew Dolgov <[email protected]> | 2019-03-03 07:53:42 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2019-03-03 07:53:42 +0300 |
| commit | c68ac04020d85a296c784de18f8def3f365f9f6a (patch) | |
| tree | 8a08224d0336a38da61e188530e2ce29b6097dbe | |
| parent | cc57ed377544b5b8a07d18d3c59117654886649e (diff) | |
login: only allow relative URLs in return=
| -rwxr-xr-x | classes/handler/public.php | 6 | ||||
| -rwxr-xr-x | include/functions.php | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index c3f18d8bb..16f8020bb 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -712,8 +712,10 @@ class Handler_Public extends Handler { user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING); } - if (clean($_REQUEST['return'])) { - header("Location: " . clean($_REQUEST['return'])); + $return = clean($_REQUEST['return']); + + if ($return && !is_absolute_url($return)) { + header("Location: " . $return); } else { header("Location: " . get_self_url_prefix()); } diff --git a/include/functions.php b/include/functions.php index 8c0654f3c..7f00f2f04 100755 --- a/include/functions.php +++ b/include/functions.php @@ -2562,3 +2562,9 @@ return $ts; } + + function is_absolute_url($url) { + $parts = parse_url($url); + + return $parts['host'] != ''; + } |