Merge branch 'master' into 1.5-next

Conflicts: login.php
fluxbb · Nov 25, 2014 · e47148b · e47148b
2 parents 5521b0b + 09b6a08
commit e47148b
Show file tree

Hide file tree

Showing 9 changed files with 1,299 additions and 1,303 deletions.
diff --git a/admin_bans.php b/admin_bans.php
diff --git a/admin_options.php b/admin_options.php
@@ -705,14 +705,14 @@
 								<tr>
 									<th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th>
 									<td>
-										<input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_admin_email'] ?>" />
+										<input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_admin_email']) ?>" />
 										<span><?php echo $lang_admin_options['Admin e-mail help'] ?></span>
 									</td>
 								</tr>
 								<tr>
 									<th scope="row"><?php echo $lang_admin_options['Webmaster e-mail label'] ?></th>
 									<td>
-										<input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_webmaster_email'] ?>" />
+										<input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_webmaster_email']) ?>" />
 										<span><?php echo $lang_admin_options['Webmaster e-mail help'] ?></span>
 									</td>
 								</tr>

diff --git a/db_update.php b/db_update.php
@@ -7,7 +7,7 @@
  */
 
 // The FluxBB version this script updates to
-define('UPDATE_TO', '1.5.6');
+define('UPDATE_TO', '1.5.7');
 
 define('UPDATE_TO_DB_REVISION', 21);
 define('UPDATE_TO_SI_REVISION', 2);

diff --git a/include/common.php b/include/common.php
@@ -10,7 +10,7 @@
 	exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');
 
 // Define the version and database revision that this code was written for
-define('FORUM_VERSION', '1.5.6');
+define('FORUM_VERSION', '1.5.7');
 
 define('FORUM_DB_REVISION', 21);
 define('FORUM_SI_REVISION', 2);

diff --git a/include/functions.php b/include/functions.php
@@ -1075,6 +1075,38 @@ function confirm_referrer($scripts, $error_msg = false)
 }
 
 
+//
+// Validate the given redirect URL, use the fallback otherwise
+//
+function validate_redirect($redirect_url, $fallback_url)
+{
+	$referrer = parse_url(strtolower($redirect_url));
+
+	// Remove www subdomain if it exists
+	if (strpos($referrer['host'], 'www.') === 0)
+		$referrer['host'] = substr($referrer['host'], 4);
+
+	// Make sure the path component exists
+	if (!isset($referrer['path']))
+		$referrer['path'] = '';
+
+	$valid = parse_url(strtolower(get_base_url()));
+
+	// Remove www subdomain if it exists
+	if (strpos($valid['host'], 'www.') === 0)
+		$valid['host'] = substr($valid['host'], 4);
+
+	// Make sure the path component exists
+	if (!isset($valid['path']))
+		$valid['path'] = '';
+
+	if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
+		return $redirect_url;
+	else
+		return $fallback_url;
+}
+
+
 //
 // Generate a random password of length $len
 // Compatibility wrapper for random_key

diff --git a/install.php b/install.php
@@ -7,7 +7,7 @@
  */
 
 // The FluxBB version this script installs
-define('FORUM_VERSION', '1.5.6');
+define('FORUM_VERSION', '1.5.7');
 
 define('FORUM_DB_REVISION', 21);
 define('FORUM_SI_REVISION', 2);