From 42a644847dc2091485d8980e82986d9c155016ef Mon Sep 17 00:00:00 2001 From: Christian Schneider Date: Thu, 8 Sep 2011 17:00:51 +0000 Subject: Enforce parameter of it_url::redirect to be either 'permanent' or 'temporary' --- it_url.class | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/it_url.class b/it_url.class index 56aa182..5a65f12 100644 --- a/it_url.class +++ b/it_url.class @@ -683,10 +683,13 @@ function absolute($url=null) */ function redirect($url = null, $type = "temporary") { + $codes = array('permanent' => 301, 'temporary' => 303); # NOTE: HTTP 303 is called "See Other", rather than Temporary (which would be HTTP 307), but is the behaviour one usually wants for temporary redirects + if (!($code = $codes[$type])) + it::fatal("Invalid redirect type '$type', must be 'permanent' or 'temporary'"); + $url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF - $code = substr($type, 0, 4) == "perm" ? 301 : 303; # NOTE: HTTP 303 is called "See Other", rather than Temporary (which would be HTTP 307), but is the behaviour one usually wants for temporary redirects if (EDC('noredir')) - echo "" . htmlspecialchars($url) . " (HTTP/1.1 $code, $type redirect)
" . it_debug::backtrace(); + echo "" . htmlspecialchars($url) . " (HTTP/1.1 $code, $type redirect)
Trace: " . it_debug::backtrace(); else header('Location: ' . it_untaint($url, TC_SELF), true, $code); exit; -- cgit v1.2.3