-rw-r--r-- | it_url.class | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/it_url.class b/it_url.class
index 7035291..83c0781 100644
--- a/it_url.class
+++ b/it_url.class
@@ -583,7 +583,7 @@ function absolute($url=null)
 {
 $dir = preg_replace('#/[^/]*$#', '/', $_SERVER['PHP_SELF']);
 $url = preg_match('#^/#', $url) ? $url : "$dir$url";
- $url = "//" . $_SERVER['HTTP_HOST'] . $url;
+ $url = "//" . $_SERVER['HTTP_HOST'] . ($_SERVER['SERVER_PORT'] == 80 ? "" : ":{$_SERVER['SERVER_PORT']}") . $url;
 }
 $url = "http" . (isset($_SERVER['HTTPS']) ? 's':'') . ":$url";
 }
@@ -598,13 +598,12 @@ function absolute($url=null)
 */
 function redirect($url = null)
 {
+ $url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF
+
 if (EDC('noredir'))
- echo "<a href='" . htmlspecialchars(it_url::absolute($url)) . "'>" . htmlspecialchars($url) . "</a><br />";
+ echo "<a href='" . htmlspecialchars($url) . "'>" . htmlspecialchars($url) . "</a><br />";
 else
- {
- $url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF
 header('Location: ' . it_untaint($url, TC_SELF));
- }
 exit;
 } |
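Review bot: The port suffix added in absolute() can produce a malformed authority, because `$_SERVER['HTTP_HOST']` is the client's Host header and normally already carries the port whenever it is not the default, so a request on port 8080 would likely yield `host:8080:8080`. The comparison against 80 alone also appends `:443` to every HTTPS URL built on the following line. I would append the port only when the host has none and it differs from the scheme default, e.g. `$dflt = isset($_SERVER['HTTPS']) ? 443 : 80;` followed by `$port = (strpos($_SERVER['HTTP_HOST'], ':') !== false || $_SERVER['SERVER_PORT'] == $dflt) ? "" : ":{$_SERVER['SERVER_PORT']}";`. Because the header is client-supplied and the result feeds redirect(), a comment stating that it is trusted here (or a check against the configured server name) would be worth adding. absolute() starts and ends outside the hunk.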
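Review bot: In the `noredir` branch of redirect() the href is delimited by single quotes, but `htmlspecialchars($url)` with its default flags leaves `'` unescaped on PHP versions before 8.1, so a URL containing a quote can close the attribute and inject markup into the page that branch prints. Passing the flag explicitly removes the dependency on the PHP version: `echo "<a href='" . htmlspecialchars($url, ENT_QUOTES) . "'>" . htmlspecialchars($url, ENT_QUOTES) . "</a><br />";`. The link text now shows the absolute URL instead of the caller's original value, which looks intended but is a visible change in that output.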