From 943742dad742cad540d30e7723de1eef43b713fc Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Sat, 10 Nov 2007 18:18:21 +0000
Subject: Untaint url after sanitizing it
---
it_url.class | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/it_url.class b/it_url.class
index 5e29905..f92f4bb 100644
--- a/it_url.class
+++ b/it_url.class
@@ -539,7 +539,10 @@ function redirect($url = null)
if (EDC('noredir'))
echo "" . htmlspecialchars($url) . "
";
else
- header('Location: '.preg_replace("/[\r\n].*/", '', it_url::absolute($url))); # Security: cut after CR/LF
+ {
+ $url = preg_replace("/[\r\n].*/", '', it_url::absolute($url)); # Security: cut after CR/LF
+ header('Location: ' . it_untaint($url, TC_SELF));
+ }
exit;
}
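Review bot: The `it_untaint($url, TC_SELF)` added on the new `header(...)` line certifies the whole URL, but the only property the preceding `preg_replace` establishes is that nothing survives past the first CR/LF; as far as the hunk shows, whether the destination itself is one the application intends to redirect to (for example an absolute URL that `it_url::absolute()` passes through unchanged) is not checked here, so the untaint should document exactly what it vouches for. I would extend the comment on the assignment line to `# Security: cut after CR/LF (header injection); the untaint below covers only that, not the redirect target`. A second, smaller point: `preg_replace` returns null on a PCRE error, in which case `header('Location: ' . it_untaint(null, TC_SELF))` would send an empty Location rather than fail, so a `if ($url === null) exit;` guard between the two new lines (or whatever this codebase's error convention is) would be safer. Stylistically, the `if` branch is brace-less while the new `else` branch gets braces; bracing both keeps the block consistent. The enclosing `redirect()` starts before this hunk.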
--