authorChristian Schneider2011-09-08 17:00:51 +0000
committerChristian Schneider2011-09-08 17:00:51 +0000
commit42a644847dc2091485d8980e82986d9c155016ef (patch)
tree44eb67f53555eebf8b1a71ff2365589aa76d055e
parentc7efb186e47135acac829f5831615e3f6bd03b5d (diff)
Enforce parameter of it_url::redirect to be either 'permanent' or 'temporary'
-rw-r--r--it_url.class7
1 files changed, 5 insertions, 2 deletions
diff --git a/it_url.class b/it_url.class
index 56aa182..5a65f12 100644
--- a/it_url.class
+++ b/it_url.class
@@ -683,10 +683,13 @@ function absolute($url=null)
*/
function redirect($url = null, $type = "temporary")
{
+ $codes = array('permanent' => 301, 'temporary' => 303); # NOTE: HTTP 303 is called "See Other", rather than Temporary (which would be HTTP 307), but is the behaviour one usually wants for temporary redirects
+ if (!($code = $codes[$type]))
+ it::fatal("Invalid redirect type '$type', must be 'permanent' or 'temporary'");
+
$url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF
- $code = substr($type, 0, 4) == "perm" ? 301 : 303; # NOTE: HTTP 303 is called "See Other", rather than Temporary (which would be HTTP 307), but is the behaviour one usually wants for temporary redirects
if (EDC('noredir'))
- echo "<a href='" . htmlspecialchars($url) . "'>" . htmlspecialchars($url) . "</a> (HTTP/1.1 $code, $type redirect)<br />" . it_debug::backtrace();
+ echo "<a href='" . htmlspecialchars($url) . "'>" . htmlspecialchars($url) . "</a> (HTTP/1.1 $code, $type redirect)<br />Trace: " . it_debug::backtrace();
else
header('Location: ' . it_untaint($url, TC_SELF), true, $code);
exit;
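Review bot: In the `EDC('noredir')` debug branch, the changed echo line still places `htmlspecialchars($url)` inside a single-quoted `href='…'`; on PHP versions before 8.1 the default flags leave `'` unescaped, so a URL containing a single quote can close the attribute and inject markup into the debug page unless `it_url::absolute()` already encodes it (not visible here). Passing the flag explicitly in both calls, `htmlspecialchars($url, ENT_QUOTES)`, removes the dependency on the default. Separately, `$codes[$type]` for an unknown `$type` raises an undefined-index notice before `it::fatal()` runs; `if (!($code = isset($codes[$type]) ? $codes[$type] : null))` keeps the same control flow without it. The message passed to `it::fatal()` interpolates the rejected `$type` verbatim, so it is worth confirming that `it::fatal()` escapes it wherever it can render to a browser. The closing brace of `redirect()` lies outside the hunk.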