Commit 698294a2 authored by Till Brehm

Added check for content of redirect variable.

parent 0e14d736
...@@ -43,6 +43,7 @@ if($_SESSION["s"]["user"]['active'] != 1) { ...@@ -43,6 +43,7 @@ if($_SESSION["s"]["user"]['active'] != 1) {
} }
if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.'); if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,5}$/i", $redirect)) die('redirect contains unallowed chars.');
//* Check if user may use the module. //* Check if user may use the module.
$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]); $user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);
......
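Review bot: The new `$redirect` pattern is anchored with a plain `$` and no `D` modifier, so PCRE still accepts a value that ends in a newline after the id digits; end the pattern with `\z` (or use the `/iD` flags) so that only the exact `module/file?id=N` form passes. The same applies to the `$mod` check on the context line above it. Two smaller points on the same line: `[0-9]{1,5}` rejects any id above 99999, and the pattern allows no query parameter other than `id`, so confirm that no legitimate caller passes a larger id or an extra parameter. The message 'redirect contains unallowed chars.' is also shown when the characters are fine but the structure does not match; something like 'invalid redirect target.' would describe the failure more accurately.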