diff options
author | Andrew Dolgov <[email protected]> | 2019-03-04 07:02:58 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-03-04 07:02:58 +0300 |
commit | 925065b1fed03710cef9018c2078b95b0fa425ad (patch) | |
tree | abab2e20c45f10198d8ff8a483332acccd1d1c68 | |
parent | 6ec602e1a41ed3cccb0faf86468f52b5919128b6 (diff) |
Revert "login: only allow relative URLs in return="
This reverts commit c68ac04020d85a296c784de18f8def3f365f9f6a.
-rwxr-xr-x | classes/handler/public.php | 6 | ||||
-rwxr-xr-x | include/functions.php | 6 |
2 files changed, 2 insertions, 10 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index 16f8020bb..c3f18d8bb 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -712,10 +712,8 @@ class Handler_Public extends Handler { user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING); } - $return = clean($_REQUEST['return']); - - if ($return && !is_absolute_url($return)) { - header("Location: " . $return); + if (clean($_REQUEST['return'])) { + header("Location: " . clean($_REQUEST['return'])); } else { header("Location: " . get_self_url_prefix()); } diff --git a/include/functions.php b/include/functions.php index 7f00f2f04..8c0654f3c 100755 --- a/include/functions.php +++ b/include/functions.php @@ -2562,9 +2562,3 @@ return $ts; } - - function is_absolute_url($url) { - $parts = parse_url($url); - - return $parts['host'] != ''; - } |