Commit 698294a2 authored by Till Brehm's avatar Till Brehm
Browse files

Added check for content of redirect variable.

parent 0e14d736
......@@ -43,6 +43,7 @@ if($_SESSION["s"]["user"]['active'] != 1) {
if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,5}$/i", $redirect)) die('redirect contains unallowed chars.');
//* Check if user may use the module.
$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment