diff options
author | Simon Rettberg | 2017-12-04 12:29:58 +0100 |
---|---|---|
committer | Simon Rettberg | 2017-12-04 12:29:58 +0100 |
commit | 217918e92de1237cd744a9afac77b5e93b7b68d8 (patch) | |
tree | 81822b44dab7f834c73fc9d5f58969f493dd7276 | |
parent | [inc/Render] Fix lang_ matching regexp (spaces) (diff) | |
download | slx-admin-217918e92de1237cd744a9afac77b5e93b7b68d8.tar.gz slx-admin-217918e92de1237cd744a9afac77b5e93b7b68d8.tar.xz slx-admin-217918e92de1237cd744a9afac77b5e93b7b68d8.zip |
[inc/Util] Util::redirect() can now be told to redirect to $_POST['redirect']
-rw-r--r-- | inc/util.inc.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/inc/util.inc.php b/inc/util.inc.php index 963b3416..1fb5b78e 100644 --- a/inc/util.inc.php +++ b/inc/util.inc.php @@ -150,15 +150,21 @@ SADFACE; * Redirects the user via a '302 Moved' header. * An active session will be saved, any messages that haven't * been displayed yet will be appended to the redirect. - * @param string $location Location to redirect to. "false" to redirect to same URL (useful after POSTs) + * @param string|false $location Location to redirect to. "false" to redirect to same URL (useful after POSTs) + * @param bool $preferRedirectPost if true, use the value from $_POST['redirect'] instead of $location */ - public static function redirect($location = false) + public static function redirect($location = false, $preferRedirectPost = false) { if ($location === false) { $location = preg_replace('/(&|\?)message\[\]\=[^&]*/', '\1', $_SERVER['REQUEST_URI']); } Session::save(); $messages = Message::toRequest(); + if ($preferRedirectPost + && ($redirect = Request::post('redirect', false, 'string')) !== false + && !preg_match(',^(\w+\:|//),', $redirect) /* no uri scheme, no server */) { + $location = $redirect; + } if (!empty($messages)) { if (strpos($location, '?') === false) { $location .= '?' . $messages; |