authorSimon Rettberg2019-01-30 13:39:41 +0100
committerSimon Rettberg2019-01-30 13:39:41 +0100
commit120956761383f8365e95e669a11b344af4764c74 (patch)
treeb020b902f00d28e87b3ff099eaf6212fbc9f0dee
parent[systemstatus] Don't show swap warning too early (diff)
downloadslx-admin-120956761383f8365e95e669a11b344af4764c74.tar.gz
slx-admin-120956761383f8365e95e669a11b344af4764c74.tar.xz
slx-admin-120956761383f8365e95e669a11b344af4764c74.zip
[inc/Dictionary] Teh evil unvalidated redirects must die!
-rw-r--r--inc/dictionary.inc.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/inc/dictionary.inc.php b/inc/dictionary.inc.php
index fcbfdfb8..935d1f4e 100644
--- a/inc/dictionary.inc.php
+++ b/inc/dictionary.inc.php
@@ -30,10 +30,15 @@ class Dictionary
if ($lang !== false && in_array($lang, self::$languages)) {
setcookie('lang', $lang, time() + 60 * 60 * 24 * 30 * 12);
$url = Request::get('url');
- if ($url === false && isset($_SERVER['HTTP_REFERER']))
+ if ($url === false && isset($_SERVER['HTTP_REFERER'])) {
$url = $_SERVER['HTTP_REFERER'];
- if ($url === false)
- $url = '?do=Main';
+ }
+ $parts = parse_url($url);
+ if ($url === false || $parts === false || empty($parts['query'])) {
+ $url = '?do=main';
+ } else {
+ $url = '?' . $parts['query'];
+ }
Util::redirect($url);
}
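Review bot: The new branch at `$url = '?' . $parts['query'];` drops scheme and host, which keeps the redirect on this site, but it still forwards the query string of any `url` parameter or Referer unchanged, including one that came from a foreign host. If only same-site return targets are intended, fall back to the default whenever `$parts['host']` is set and is not this installation's host. The intent is also worth recording above the `parse_url()` call, e.g. `// Keep only the query string so the redirect can never leave this site`. Separately, the fallback changed from `?do=Main` to `?do=main` without a mention in the commit message; please confirm that module names are resolved case-insensitively. The enclosing method starts and ends outside this hunk, so the handling of `$lang` and of `Util::redirect()` could not be checked here.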