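/**
 * Redirect, but only to a trusted domain.
 *
 * The destination is resolved to an absolute URL with Url(), its host is
 * extracted with parse_url(), and the redirect is issued only when that host
 * is an exact member of the list returned by TrustedDomains().
 *
 * @param string|bool $Destination Where to redirect. A falsy value resolves to Url('', TRUE).
 * @param int|null $StatusCode Passed through to Redirect() unchanged.
 * @throws Exception Whatever PermissionException() returns, when the host is missing or
 *     not trusted (the concrete type is not visible from this function).
 */
function SafeRedirect($Destination = FALSE, $StatusCode = NULL) {
    if (!$Destination) {
        $Destination = Url('', TRUE);
    } else {
        $Destination = Url($Destination, TRUE);
    }

    // parse_url() returns null when the URL has no host and false when the URL
    // is badly malformed; neither may ever count as a trusted host.
    $Domain = parse_url($Destination, PHP_URL_HOST);
    $HasHost = is_string($Domain) && $Domain !== '';

    // Strict comparison: a loose in_array() would let a null/false host match an
    // empty allowlist entry and would compare numeric-looking hosts numerically.
    // NOTE(review): the match is exact and case-sensitive, and assumes
    // TrustedDomains() returns plain host strings -- confirm against its definition.
    if ($HasHost && in_array($Domain, TrustedDomains(), TRUE)) {
        Redirect($Destination, $StatusCode);
    } else {
        throw PermissionException();
    }
}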
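/**
 * Redirect, but only to a trusted domain.
 *
 * The destination is made absolute with Url() and the redirect is performed
 * only if the URL's host is an exact entry in TrustedDomains(); any other
 * destination is refused by throwing.
 *
 * @param string|bool $Destination Where to redirect. A falsy value resolves to Url('', true).
 * @param int|null $StatusCode The status of the redirect. Defaults to 302.
 * @throws Exception Whatever PermissionException() returns, when the host is missing or
 *     not trusted (the concrete type is not visible from this function).
 */
function safeRedirect($Destination = false, $StatusCode = null) {
    $Destination = $Destination ? Url($Destination, true) : Url('', true);

    $Domain = parse_url($Destination, PHP_URL_HOST);

    // A URL without a host yields null (false if malformed). Reject those up
    // front so they can never be matched against the allowlist.
    if (!is_string($Domain) || $Domain === '') {
        throw PermissionException();
    }

    // Third argument forces === comparison; loose matching would treat
    // numeric-looking hosts as numbers and could equate distinct strings.
    // NOTE(review): exact, case-sensitive match; assumes TrustedDomains()
    // returns plain host strings -- confirm against its definition.
    if (!in_array($Domain, TrustedDomains(), true)) {
        throw PermissionException();
    }

    Redirect($Destination, $StatusCode);
}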
/**
 * Redirect to a destination, sending untrusted targets through the leaving page.
 *
 * The destination is made absolute with Url(). It is then tested against each
 * entry of TrustedDomains() using urlMatch(); on the first match the redirect
 * is issued directly. When nothing matches, a notice is logged and the user is
 * redirected to /home/leaving with the destination URL-encoded in the Target
 * query parameter.
 *
 * @param string|bool $Destination Where to redirect. A falsy value resolves to Url('', true).
 * @param int|null $StatusCode The status of the redirect. Defaults to 302.
 */
function safeRedirect($Destination = false, $StatusCode = null) {
    $Destination = $Destination ? Url($Destination, true) : Url('', true);

    // NOTE(review): urlMatch() is defined elsewhere; its pattern semantics
    // decide how strict this allowlist really is -- verify.
    foreach (TrustedDomains() as $allowedPattern) {
        if (urlMatch($allowedPattern, $Destination)) {
            redirect($Destination, $StatusCode);
            return;
        }
    }

    // No trusted entry matched: record the attempt, then hand off to the
    // interstitial instead of following the URL directly.
    // NOTE(review): /home/leaving receives the destination in Target and must
    // itself treat that value as untrusted -- confirm.
    Logger::notice('Redirect to untrusted domain: {url}.', ['url' => $Destination]);
    $leavingPath = "/home/leaving?Target=" . urlencode($Destination);
    redirect(url($leavingPath));
}