Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-04-27 17:59:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow redirect to external website

Browse Source
This commit is contained in:
slawkens 2024-04-08 19:05:42 +02:00
parent 7181b988e9
commit ef62b53cec
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
system/login.php
View File

@ -42,12 +42,6 @@ if(ACTION === 'logout' && !isset($_REQUEST['account_login'])) {
$logged = false; $logged = false;
unset($account_logged); unset($account_logged);
if(isset($_REQUEST['redirect']))
{
header('Location: ' . urldecode($_REQUEST['redirect']));
exit;
}
} }
} }
} }

7
system/pages/accountmanagement.php
View File

@ -52,9 +52,16 @@ $errors = array();
{ {
$redirect = urldecode($_REQUEST['redirect']); $redirect = urldecode($_REQUEST['redirect']);
// should never happen, unless hacker modify the URL
if (strpos($_REQUEST['redirect'], BASE_URL) === false) {
error('Fatal error: Cannot redirect outside the website.');
return;
}
$twig->display('account.redirect.html.twig', array( $twig->display('account.redirect.html.twig', array(
'redirect' => $redirect 'redirect' => $redirect
)); ));
return; return;
} }