Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-04-26 17:29:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Post-fix redirect

Browse Source
This commit is contained in:
slawkens 2024-04-14 16:02:55 +02:00
parent d225c2da26
commit eb0c2a7674
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
system/pages/account/manage.php
View File

@ -21,6 +21,12 @@ if(!$logged) {
if(isset($_REQUEST['redirect'])) if(isset($_REQUEST['redirect']))
{ {
$redirect = urldecode($_REQUEST['redirect']); $redirect = urldecode($_REQUEST['redirect']);
// should never happen, unless hacker modify the URL
if (!str_contains($redirect, BASE_URL)) {
error('Fatal error: Cannot redirect outside the website.');
return;
}
$twig->display('account.redirect.html.twig', array( $twig->display('account.redirect.html.twig', array(
'redirect' => $redirect 'redirect' => $redirect

2
system/pages/account/redirect.php
View File

@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
$redirect = urldecode($_REQUEST['redirect']); $redirect = urldecode($_REQUEST['redirect']);
// should never happen, unless hacker modify the URL // should never happen, unless hacker modify the URL
if (!str_contains($_REQUEST['redirect'], BASE_URL)) { if (!str_contains($redirect, BASE_URL)) {
error('Fatal error: Cannot redirect outside the website.'); error('Fatal error: Cannot redirect outside the website.');
return; return;
} }