Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2426
Modified Files:
comment.php exit.php serendipity_functions.inc.php
Log Message:
Cleaner...
Index: serendipity_functions.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/serendipity_functions.inc.php,v
retrieving revision 1.442
retrieving revision 1.443
diff -u -d -r1.442 -r1.443
--- serendipity_functions.inc.php 15 Oct 2004 13:02:59 -0000 1.442
+++ serendipity_functions.inc.php 15 Oct 2004 14:22:28 -0000 1.443
@@ -1501,7 +1501,7 @@
$query = "UPDATE {$serendipity['dbPrefix']}entries SET allow_comments = '" . ($switch == 'disable' ? 'false' : 'true') . "' WHERE id = '". (int)$entry_id ."' $admin";
serendipity_db_query($query);
- if (strpos($_SERVER['HTTP_REFERER'], "\r") === false && strpos($_SERVER['HTTP_REFERER'], "\n") === false)
+ if (serendipity_isResponseClean($_SERVER['HTTP_REFERER']))
header('Location: '. $_SERVER['HTTP_REFERER']);
} else {
die('What are you up to? You need to be an admin to close comments');
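Review bot: The new `serendipity_isResponseClean($_SERVER['HTTP_REFERER'])` call receives a header that many requests do not send. `strpos()` finds no CR/LF in a missing or empty value, so the check passes and an empty `Location:` header is emitted. Guard it with `if (!empty($_SERVER['HTTP_REFERER']) && serendipity_isResponseClean($_SERVER['HTTP_REFERER']))` and redirect to a fixed local page when the Referer is absent or rejected. The same pattern appears in the comment.php hunk. The enclosing function starts and ends outside this hunk, so whether execution stops after the redirect cannot be seen here.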
@@ -3652,6 +3652,10 @@
}
}
+function serendipity_isResponseClean($d) {
+ return (strpos($d, "\r") === false && strpos($d, "\n") === false);
+}
+
define("serendipity_FUNCTIONS_LOADED", true);
/* vim: set sts=4 ts=4 expandtab : */
?>
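Review bot: `serendipity_isResponseClean()` has no doc comment, and its name promises more than the body checks: it only rejects values containing CR or LF, which guards against header splitting. I would add a docblock stating that it returns true when `$d` contains neither "\r" nor "\n", that an empty string therefore also counts as clean, and that it does not validate where a redirect points. Callers that pass request-supplied URLs still need their own destination check.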
Index: exit.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/exit.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- exit.php 15 Oct 2004 13:02:59 -0000 1.10
+++ exit.php 15 Oct 2004 14:22:28 -0000 1.11
@@ -22,7 +22,7 @@
// No entry-link ID was submitted. Possibly a spammer tried to mis-use the script to get into the top-list.
$url = str_replace('&', '&', base64_decode($_GET['url']));
}
-if (strpos($url, "\r") === false && strpos($url, "\n") === false)
+if (serendipity_isResponseClean($url))
header('Location: ' . $url);
exit;
/* vim: set sts=4 ts=4 expandtab : */
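Review bot: The redirect at `header('Location: ' . $url)` still accepts any destination, because in the branch shown `$url` is the base64-decoded `$_GET['url']` and the only check applied is for CR/LF. That leaves this script usable as an open redirect, which the comment above the assignment already hints at. At minimum restrict the scheme, e.g. `if (serendipity_isResponseClean($url) && preg_match('@^https?://@i', $url))`. Ideally, allow only URLs the blog has stored itself; the lookup code is outside this hunk, so whether that data is available here is an assumption. When the check fails the script exits with an empty response; sending an explicit 400 status would make rejected requests visible in the access log.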
Index: comment.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/comment.php,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- comment.php 15 Oct 2004 13:02:52 -0000 1.49
+++ comment.php 15 Oct 2004 14:22:28 -0000 1.50
@@ -8,8 +8,9 @@
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) {
serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']);
- if (strpos($_SERVER['HTTP_REFERER'], "\r") === false && strpos($_SERVER['HTTP_REFERER'], "\n") === false)
- header('Location: '. $_SERVER['HTTP_REFERER']); die();
+ if (serendipity_isResponseClean($_SERVER['HTTP_REFERER']))
+ header('Location: '. $_SERVER['HTTP_REFERER']);
+ die();
}
if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry'])) {
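Review bot: The `serendipity_deleteComment(...)` call is triggered by GET parameters alone, and no request token is checked anywhere in this hunk. Unless `serendipity_deleteComment()` verifies more than the session (not visible here), a cross-site request made in an authenticated admin's browser would delete the comment (CSRF). State-changing actions like this should require POST plus a per-session token that is verified before the call. On the changed lines, bracing the redirect as `if (...) { header(...); }` would keep the unconditional `die();` from being read as part of the `if`, as the old one-line form invited.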