From: <var...@us...> - 2010-08-30 10:41:34
|
Revision: 7653 http://phpwiki.svn.sourceforge.net/phpwiki/?rev=7653&view=rev Author: vargenau Date: 2010-08-30 10:41:28 +0000 (Mon, 30 Aug 2010) Log Message: ----------- Allow encoded spaces in URL for RedirectTo plugin Modified Paths: -------------- trunk/lib/plugin/RedirectTo.php Modified: trunk/lib/plugin/RedirectTo.php ===================================================================
--- trunk/lib/plugin/RedirectTo.php 2010-08-24 15:11:11 UTC (rev 7652)
+++ trunk/lib/plugin/RedirectTo.php 2010-08-30 10:41:28 UTC (rev 7653)
@@ -59,14 +59,14 @@
 $href = $args['href'];
 $page = $args['page'];
 if ($href) {
- /*
- * Use quotes on the href argument value, like:
- * <<RedirectTo href="http://funky.com/a b \" c.htm" ?>
- *
- * Do we want some checking on href to avoid malicious
- * uses of the plugin? Like stripping tags or hexcode.
- */
- $url = preg_replace('/%\d\d/','',strip_tags($href));
+ // If URL is urlencoded, decode it.
+ if (strpos('%', $href) !== false) {
+ $href = urldecode($href);
+ }
+ $url = strip_tags($href);
+ if ($url != $href) { // URL contains tags
+ return $this->disabled(_("Illegal characters in external URL."));
+ }
 $thispage = $request->getPage();
 if (! $thispage->get('locked')) {
 return $this->disabled(_("Redirect to an external URL is only allowed in locked pages."));
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
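Review bot: The added guard `strpos('%', $href) !== false` has its arguments swapped (the haystack comes first), so it searches the one-character string '%' for the whole href and the `urldecode()` branch is effectively never taken; it should read `if (strpos($href, '%') !== false) {`. Once that is corrected, decoding runs before the only validation in the hunk, so an encoded CR/LF or other control character becomes a raw byte that `strip_tags()` leaves in place, whereas the removed line at least dropped `%NN` digit escapes. How `$url` is consumed lies outside the hunk, but if it ends up in a redirect header it would be worth rejecting control characters after decoding, for example `if (preg_match('/[\x00-\x1f\x7f]/', $url)) { return $this->disabled(_("Illegal characters in external URL.")); }`, and checking that the scheme is one the wiki intends to allow. The tag check `$url != $href` compares two strings and should use the strict `!==` so numeric-looking values are not compared loosely. The enclosing method begins and ends outside this hunk, so the locked-page check that follows is the only other control visible here.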