[geeklog-cvs] geeklog: Only resend requests for our own site
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:31 EST 2009
changeset 7544:578a3e9b510b
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/578a3e9b510b
user: Dirk Haun <dirk at haun-online.de>
date: Wed Dec 23 09:01:52 2009 +0100
description:
Only resend requests for our own site
diffstat:
public_html/users.php | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diffs (36 lines):
diff -r 624b8b9ce9e6 -r 578a3e9b510b public_html/users.php
--- a/public_html/users.php Sun Dec 20 18:41:38 2009 +0100
+++ b/public_html/users.php Wed Dec 23 09:01:52 2009 +0100
@@ -850,6 +850,8 @@
*/
function resend_request()
{
+ global $_CONF;
+
require_once 'HTTP/Request.php';
$method = '';
@@ -859,6 +861,11 @@
$returnurl = '';
if (isset($_POST['token_returnurl'])) {
$returnurl = urldecode($_POST['token_returnurl']);
+ if (substr($returnurl, 0, strlen($_CONF['site_url'])) !=
+ $_CONF['site_url']) {
+ // only accept URLs on our site
+ $returnurl = '';
+ }
}
$postdata = '';
if (isset($_POST['token_postdata'])) {
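Review bot: The new prefix test on `$returnurl` compares raw strings, and `$_CONF['site_url']` appears to carry no trailing slash (the last hunk appends `'/index.php'` to it), so a URL whose host merely begins with the same characters still passes. With a constructed site_url of `http://example.com`, the value `http://example.com.other.test/` is accepted. Anchoring the comparison on the path separator closes that gap and makes it strict: `if (strncmp($returnurl, $_CONF['site_url'] . '/', strlen($_CONF['site_url']) + 1) !== 0) {`. Comparing the scheme and host from `parse_url()` on both values would be stricter still. The body of resend_request() continues outside this hunk, so whether the HTTP client follows redirects to other hosts cannot be checked from here.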
@@ -904,9 +911,9 @@
$response = $req->sendRequest();
if (PEAR::isError($response)) {
- die("Request failed: " . $response->getMessage());
+ trigger_error("Resending $method request failed: " . $response->getMessage());
} else {
- echo $req->getResponseBody();
+ COM_output($req->getResponseBody());
}
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
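Review bot: In the failure branch, `trigger_error()` is called without a level, so it raises E_USER_NOTICE and the script continues. Unless the error handler produces output, the user is left with an empty response. Following it with the fallback the outer else already uses would give a defined outcome: `echo COM_refresh($_CONF['site_url'] . '/index.php');`. The message also interpolates `$method`, which is assigned outside this hunk. If it is taken from the request, it should be limited to the expected verbs before it reaches the error log or any on-screen error display.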