From 42a644847dc2091485d8980e82986d9c155016ef Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Thu, 8 Sep 2011 17:00:51 +0000
Subject: Enforce parameter of it_url::redirect to be either 'permanent' or
'temporary'
---
it_url.class | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/it_url.class b/it_url.class
index 56aa182..5a65f12 100644
--- a/it_url.class
+++ b/it_url.class
@@ -683,10 +683,13 @@ function absolute($url=null)
*/
function redirect($url = null, $type = "temporary")
{
+ $codes = array('permanent' => 301, 'temporary' => 303); # NOTE: HTTP 303 is called "See Other", rather than Temporary (which would be HTTP 307), but is the behaviour one usually wants for temporary redirects
+ if (!($code = $codes[$type]))
+ it::fatal("Invalid redirect type '$type', must be 'permanent' or 'temporary'");
+
$url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF
- $code = substr($type, 0, 4) == "perm" ? 301 : 303; # NOTE: HTTP 303 is called "See Other", rather than Temporary (which would be HTTP 307), but is the behaviour one usually wants for temporary redirects
if (EDC('noredir'))
- echo "" . htmlspecialchars($url) . " (HTTP/1.1 $code, $type redirect)
" . it_debug::backtrace();
+ echo "" . htmlspecialchars($url) . " (HTTP/1.1 $code, $type redirect)
Trace: " . it_debug::backtrace();
else
header('Location: ' . it_untaint($url, TC_SELF), true, $code);
exit;
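Review bot: The new guard reads `$codes[$type]` without checking that the key exists, so an invalid `$type` raises an undefined-index notice before `it::fatal()` is reached, and a non-string value such as an array produces an illegal-offset error instead of the intended message. Testing the key first keeps the rejection path clean: `if (!is_string($type) || !isset($codes[$type])) it::fatal(...);` followed by `$code = $codes[$type];`. The fatal message also interpolates the raw `$type`; where `it::fatal()` writes its output is not visible in this hunk, so if a caller could ever pass request data as the type, the value should be escaped or left out of the message. The body of `redirect()` continues past the end of the hunk.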
--
cgit v1.2.3