author | Simon Rettberg | 2019-01-30 13:39:41 +0100 |
---|---|---|
committer | Simon Rettberg | 2019-01-30 13:39:41 +0100 |
commit | 120956761383f8365e95e669a11b344af4764c74 (patch) | |
tree | b020b902f00d28e87b3ff099eaf6212fbc9f0dee /inc/dictionary.inc.php | |
parent | [systemstatus] Don't show swap warning too early (diff) | |
[inc/Dictionary] Teh evil unvalidated redirects must die!
Diffstat (limited to 'inc/dictionary.inc.php')
-rw-r--r-- | inc/dictionary.inc.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/inc/dictionary.inc.php b/inc/dictionary.inc.php
index fcbfdfb8..935d1f4e 100644
--- a/inc/dictionary.inc.php
+++ b/inc/dictionary.inc.php
@@ -30,10 +30,15 @@ class Dictionary
 if ($lang !== false && in_array($lang, self::$languages)) {
 setcookie('lang', $lang, time() + 60 * 60 * 24 * 30 * 12);
 $url = Request::get('url');
- if ($url === false && isset($_SERVER['HTTP_REFERER']))
+ if ($url === false && isset($_SERVER['HTTP_REFERER'])) {
 $url = $_SERVER['HTTP_REFERER'];
- if ($url === false)
- $url = '?do=Main';
+ }
+ $parts = parse_url($url);
+ if ($url === false || $parts === false || empty($parts['query'])) {
+ $url = '?do=main';
+ } else {
+ $url = '?' . $parts['query'];
+ }
 Util::redirect($url);
 } |
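Review bot: `parse_url($url)` runs before the `$url === false` test on the line after it, so when neither the `url` parameter nor a Referer is present a boolean is handed to a function that expects a string. That only works through implicit coercion, and any other non-string value from `Request::get` (its return types are not visible here) would take the same path. Guarding the call, `$parts = is_string($url) ? parse_url($url) : false;`, keeps the fallback to `?do=main` explicit. A short comment above the `else` branch, such as `// Keep only the query string so the redirect can never leave this site`, would record why scheme, host and path are deliberately discarded. The enclosing method starts and ends outside the hunk.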