From d5915df37ef703abe9a032e8e78f955bc00f674a Mon Sep 17 00:00:00 2001
From: slawkens
Date: Sun, 14 Apr 2024 16:06:57 +0200
Subject: [PATCH] Fix redirects in forum + polls
---
 system/pages/account/manage.php | 2 +-
 system/pages/forum/edit_post.php | 2 +-
 system/pages/forum/move_thread.php | 2 +-
 system/pages/forum/new_post.php | 2 +-
 system/pages/forum/new_thread.php | 2 +-
 system/pages/forum/remove_post.php | 2 +-
 system/pages/polls.php | 4 ++--
 7 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/system/pages/account/manage.php b/system/pages/account/manage.php
index d0a3eb75..e3003e25 100644
--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -21,7 +21,7 @@ if(!$logged) {
 if(isset($_REQUEST['redirect'])) {
 $redirect = urldecode($_REQUEST['redirect']);
-
+
 // should never happen, unless hacker modify the URL
 if (!str_contains($redirect, BASE_URL)) {
 error('Fatal error: Cannot redirect outside the website.');
diff --git a/system/pages/forum/edit_post.php b/system/pages/forum/edit_post.php
index f42b743f..29ac1bec 100644
--- a/system/pages/forum/edit_post.php
+++ b/system/pages/forum/edit_post.php
@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 if(!$logged) {
- echo 'You are not logged in. Log in to post on the forum.

';
+ echo 'You are not logged in. Log in to post on the forum.

';
 return;
 }
diff --git a/system/pages/forum/move_thread.php b/system/pages/forum/move_thread.php
index 86305b4d..cdae005a 100644
--- a/system/pages/forum/move_thread.php
+++ b/system/pages/forum/move_thread.php
@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 if(!$logged) {
- echo 'You are not logged in. Log in to post on the forum.

';
+ echo 'You are not logged in. Log in to post on the forum.

';
 return;
 }
diff --git a/system/pages/forum/new_post.php b/system/pages/forum/new_post.php
index 659b4037..c47302b6 100644
--- a/system/pages/forum/new_post.php
+++ b/system/pages/forum/new_post.php
@@ -24,7 +24,7 @@ if(!$logged) {
 $extra_url = '?action=new_post&thread_id=' . $_GET['thread_id'];
 }
- echo 'You are not logged in. Log in to post on the forum.

';
+ echo 'You are not logged in. Log in to post on the forum.

';
 return;
 }
diff --git a/system/pages/forum/new_thread.php b/system/pages/forum/new_thread.php
index 7b97f30e..7a66ac27 100644
--- a/system/pages/forum/new_thread.php
+++ b/system/pages/forum/new_thread.php
@@ -24,7 +24,7 @@ if(!$logged) {
 $extra_url = '?action=new_thread§ion_id=' . $_GET['section_id'];
 }
- echo 'You are not logged in. Log in to post on the forum.
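Review bot: `$extra_url` in the context just above the changed echo in new_post.php is built from `$_GET['thread_id']` with no cast or encoding, and it presumably ends up inside the login link's `redirect` value; the link markup is not visible in this view, so that needs confirming against the file. If the id is meant to be numeric, casting where it is used keeps markup and stray parameters out of the emitted link: `$extra_url = '?action=new_post&thread_id=' . (int)$_GET['thread_id'];`. The new_thread.php hunk has the same pattern with `$_GET['section_id']`. The enclosing `if(!$logged)` block starts outside the hunk.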

';
+ echo 'You are not logged in. Log in to post on the forum.

';
 return;
 }
diff --git a/system/pages/forum/remove_post.php b/system/pages/forum/remove_post.php
index 3e234e6f..690b3f75 100644
--- a/system/pages/forum/remove_post.php
+++ b/system/pages/forum/remove_post.php
@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 if(!$logged) {
- echo 'You are not logged in. Log in to post on the forum.

';
+ echo 'You are not logged in. Log in to post on the forum.

';
 return;
 }
diff --git a/system/pages/polls.php b/system/pages/polls.php
index 21549891..37372f25 100644
--- a/system/pages/polls.php
+++ b/system/pages/polls.php
@@ -51,7 +51,7 @@ function getColorByPercent($percent)
 if($logged)
 echo $link.'?id='.$poll['id'];
 else
- echo getLink('account/manage') . '?redirect=' . BASE_URL . urlencode($link.'?id='.$poll['id']);
+ echo getLink('account/manage') . '?redirect=' . urlencode($link.'?id='.$poll['id']);
 echo '">'.$poll['question'] . '
@@ -80,7 +80,7 @@ function getColorByPercent($percent)
 if($logged)
 echo $link.'?id='.$poll['id'];
 else
- echo getLink('account/manage') . '?redirect=' . BASE_URL . urlencode($link.'?id='.$poll['id']);
+ echo getLink('account/manage') . '?redirect=' . urlencode($link.'?id='.$poll['id']);
 echo '">'.$poll['question'] . '
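Review bot: On the `+` line of both polls.php hunks the `redirect` value is now just `$link` plus the poll id, so the only thing that keeps the post-login redirect on this site is the `str_contains($redirect, BASE_URL)` test visible in the account/manage.php context. A substring test passes for any URL that merely includes the site address somewhere in it, so it does not pin the destination to this site. Anchoring the comparison would close that gap: `if (!str_starts_with($redirect, BASE_URL)) {`, assuming BASE_URL ends with a slash (not visible here). It is also worth confirming that `$link` is an absolute URL beginning with BASE_URL, otherwise the check rejects these links after this change.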