Skip to content
Permalink
Browse files

Retrieve parameters from $_GET in url.php

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
  • Loading branch information...
mauriciofauth committed Nov 10, 2018
1 parent 79fd80c commit 01e8064e3530a05d8d2975ad29fdd519a952e0ec
Showing with 5 additions and 5 deletions.
  1. +5 −5 url.php
10 url.php
@@ -21,9 +21,9 @@
$response->getHeader()->sendHttpHeaders();
$response->disable();
if (! Core::isValid($_REQUEST['url'])
|| ! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url'])
|| ! Core::isAllowedDomain($_REQUEST['url'])
if (! Core::isValid($_GET['url'])
|| ! preg_match('/^https:\/\/[^\n\r]*$/', $_GET['url'])
|| ! Core::isAllowedDomain($_GET['url'])
) {
Core::sendHeaderLocation('./');
} else {
@@ -33,11 +33,11 @@
// external site.
echo "<script type='text/javascript'>
window.onload=function(){
window.location='" , Sanitize::escapeJsString($_REQUEST['url']) , "';
window.location='" , Sanitize::escapeJsString($_GET['url']) , "';
}
</script>";
// Display redirecting msg on screen.
// Do not display the value of $_REQUEST['url'] to avoid showing injected content
// Do not display the value of $_GET['url'] to avoid showing injected content
echo __('Taking you to the target site.');
}
die();

0 comments on commit 01e8064

Please sign in to comment.
You can’t perform that action at this time.