author | David Flatz | 2015-02-12 14:12:47 +0100 |
---|---|---|
committer | David Flatz | 2015-02-12 14:12:47 +0100 |
commit | 4946ffe70f5fbb6f8605540fcf98db2d50a8a4f1 (patch) | |
tree | c6a8baff978282ae025e08cf0c128960019911b2 /it_url.class | |
parent | 5472150c2fcc91aa190e2cbbd7c228c90de43470 (diff) | |
use $_SERVER['QUERY_STRING'] instead of U($_GET) because U($_GET) removes empty get variables; should fix some false positives
Diffstat (limited to 'it_url.class')
-rw-r--r-- | it_url.class | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/it_url.class b/it_url.class
index 02b084e..cadb6c5 100644
--- a/it_url.class
+++ b/it_url.class
@@ -857,7 +857,7 @@ function redirect($url = null, $type = "temporary")
 $url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF
- if (U($url) == U(it_url::absolute(U($_GET))))
+ if (U($url) == U(it_url::absolute(U()) . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '')))
 it::error('Potential redirect loop detected: ' . $url);
 if (EDC('noredir')) { |
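Review bot: The truthiness test on `$_SERVER['QUERY_STRING']` in the new condition treats a query string of `0` as empty and emits an undefined-index notice or warning when the key is absent (CLI, some SAPIs), so the loop check can end up comparing against the wrong URL. An explicit test is safer: `isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== ''`. The raw query string is also client-supplied and may not be normalised the same way as `$url`, so an equivalent but differently encoded query could slip past the loop check; that depends on what `U()` does with a string argument, which is not visible here. A short comment such as `# raw QUERY_STRING keeps empty GET variables that U($_GET) drops` would record why the raw value is used. The body of redirect() starts and ends outside the hunk.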