by axew3 » Tue Mar 29, 2016 2:22 pm
This is how the function redirect inside phpBB/includes/functions.php need to look like to correct do external (and secure) redirect:
(external mean a redirect outside the phpBB folder)
Code: Select all
....
function redirect($url, $return = false, $disable_cd_check = false)
{
global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper, $phpEx, $phpbb_dispatcher;
$w3ck = preg_replace('/^[^\.]*\.([^\.]*)\.(.*)$/', '\1.\2',$url);
$w3 = request_var('REMOTE_ADDR','0');
if(stristr($w3ck, $w3)){
$disable_cd_check = true;
}
$failover_flag = false;
.......
[b]This is how the function redirect inside phpBB/includes/functions.php need to look like to correct do external (and secure) redirect:[/b]
(external mean a redirect outside the phpBB folder)
[code]
....
function redirect($url, $return = false, $disable_cd_check = false)
{
global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper, $phpEx, $phpbb_dispatcher;
$w3ck = preg_replace('/^[^\.]*\.([^\.]*)\.(.*)$/', '\1.\2',$url);
$w3 = request_var('REMOTE_ADDR','0');
if(stristr($w3ck, $w3)){
$disable_cd_check = true;
}
$failover_flag = false;
.......
[/code]