From: <var...@us...> - 2021-08-06 10:56:34
Revision: 10451
http://sourceforge.net/p/phpwiki/code/10451
Author: vargenau
Date: 2021-08-06 10:56:27 +0000 (Fri, 06 Aug 2021)
Log Message:
-----------
lib/plugin/RedirectTo.php: check IsSafeURL
Modified Paths:
--------------
trunk/lib/plugin/RedirectTo.php
Modified: trunk/lib/plugin/RedirectTo.php
===================================================================
--- trunk/lib/plugin/RedirectTo.php 2021-08-06 10:34:32 UTC (rev 10450)
+++ trunk/lib/plugin/RedirectTo.php 2021-08-06 10:56:27 UTC (rev 10451)
@@ -75,6 +75,9 @@
if ($url != $href) { // URL contains tags
return $this->disabled(_("Illegal characters in external URL."));
}
+ if (!IsSafeURL($url, true)) { // http or https only
+ return $this->error(fmt("Malformed URL: “%s”", $url));
+ }
$thispage = $request->getPage();
if (!$thispage->get('locked')) {
return $this->disabled(_("Redirect to an external URL is only allowed in locked pages."));
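Review bot: The new rejection at `if (!IsSafeURL($url, true))` reports "Malformed URL" even when the URL is well-formed but uses a scheme other than http or https, which is what the trailing comment says the check enforces, so a page author whose target is refused gets no hint of the actual rule. Consider naming the rule in the message, e.g. `return $this->error(fmt("Only http and https URLs are allowed: “%s”", $url));`, and confirm that using `error()` here is intended, since the neighbouring rejections use `disabled()`. The message also echoes `$url` back to the page, which is safe only if `fmt()` escapes its arguments on output; that is not visible in this hunk. IsSafeURL's definition and the rest of the enclosing method lie outside the hunk, so whether it also rejects control characters such as CR/LF before the value reaches the redirect cannot be checked from this diff; a short comment above the call stating what the second argument guarantees would help the next reader.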