Fix URL redirection issue in login_page.php
The fix for issue #17648 failed to correct all cases of redirection.

Alejo Popovici discovered that the regex checking for URLs pointing to
other domains considered a URL with a single '/' as local, allowing
redirection e.g. to http:/google.com on certain browsers.

Fixes #17997 (CVE-2015-1042)
dregad committed Jan 16, 2015
1 parent afacf2e commit e7e2b55
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/string_api.php
Expand Up @@ -268,7 +268,7 @@ function string_sanitize_url( $p_url, $p_return_absolute = false ) {

# Check for URL's pointing to other domains
if( 0 == $t_type || empty( $t_matches['script'] ) ||
3 == $t_type && preg_match( '@(?:[^:]*)?://@', $t_url ) > 0 ) {
3 == $t_type && preg_match( '@(?:[^:]*)?:/*@', $t_url ) > 0 ) {

return ( $p_return_absolute ? $t_path . '/' : '' ) . 'index.php';
}
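
Review bot: In the replacement preg_match line, ':/*' makes the slashes optional, so the unanchored pattern now matches any $t_url that contains a colon anywhere, including a colon in the query string or fragment of an otherwise local URL, and the '(?:[^:]*)?' prefix no longer constrains anything. That fails closed to index.php, but it is broader than the single-slash case the commit message describes. If the intent is only to reject a scheme, consider anchoring the check to the part before the first '/', '?' or '#' (for example '@^[^/?#]*:@'), and add a comment explaining why zero or one slash must be rejected as well as two. The condition also mixes '||' and '&&' without parentheses; wrapping '3 == $t_type && preg_match( ... ) > 0' in its own parentheses would make the intended precedence explicit. A regression test for the 'http:/google.com' input named in the commit message would guard against another incomplete fix.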