From 4946ffe70f5fbb6f8605540fcf98db2d50a8a4f1 Mon Sep 17 00:00:00 2001
From: David Flatz
Date: Thu, 12 Feb 2015 14:12:47 +0100
Subject: use $_SERVER['QUERY_STRING'] instead of U($_GET) because it removes empty get variables, should fix some false positives
---
 it_url.class | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/it_url.class b/it_url.class
index 02b084e..cadb6c5 100644
--- a/it_url.class
+++ b/it_url.class
@@ -857,7 +857,7 @@ function redirect($url = null, $type = "temporary")
 $url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF
- if (U($url) == U(it_url::absolute(U($_GET))))
+ if (U($url) == U(it_url::absolute(U()) . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '')))
 it::error('Potential redirect loop detected: ' . $url);
 if (EDC('noredir')) {
--
cgit v1.2.3
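Review bot: The added condition reads `$_SERVER['QUERY_STRING']` directly and tests it for truthiness, so an unset key (CLI runs, some SAPI setups) raises a notice and a query string of exactly `0` is treated as empty and dropped from the comparison. Reading it once with a guard avoids both: `$qs = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';` and then `... . ($qs !== '' ? '?' . $qs : '')`. The right-hand side is now built from the raw, client-supplied query string, so the loop check is effectively a string match against whatever `U()` makes of it; the same parameters in a different order or percent-encoding will presumably not be recognised as a loop. That makes the check best-effort rather than a guarantee, which deserves a comment such as `# best-effort: only catches redirects to the identical request URL`. `redirect()` begins and ends outside this hunk, so how `$url` is validated before this point is not visible here.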