adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

issue #706, check the redirect is within Piwigo

Browse Source
This commit is contained in:
plegall
2017-06-14 10:22:30 +02:00
parent 6ce14fc958
commit 4b9b7855f0
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
identification.php
+9
View File
@@ -40,6 +40,15 @@ if (!is_a_guest())
trigger_notify('loc_begin_identification'); trigger_notify('loc_begin_identification');
//-------------------------------------------------------------- identification //-------------------------------------------------------------- identification
// security (level 1): the redirect must occur within Piwigo, so the
// redirect param must start with the relative home url
if (isset($_POST['redirect']))
{
$_POST['redirect_decoded'] = urldecode($_POST['redirect']);
}
check_input_parameter('redirect_decoded', $_POST, false, '{^'.preg_quote(get_gallery_home_url()).'}');
$redirect_to = ''; $redirect_to = '';
if ( !empty($_GET['redirect']) ) if ( !empty($_GET['redirect']) )
{ {