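/**
  * Redirect, but only to a trusted domain.
  *
  * The destination is resolved through Url(..., TRUE), its host is extracted
  * with parse_url(), and Redirect() is called only when that host is one of
  * the entries returned by TrustedDomains(). Anything else is refused.
  *
  * @param string|false $Destination Where to redirect. A falsy value is resolved as Url('', TRUE).
  * @param int|null $StatusCode Passed to Redirect() unchanged.
  * @throws \Throwable The value returned by PermissionException(), when the host is missing or not trusted.
  */
 function SafeRedirect($Destination = FALSE, $StatusCode = NULL)
 {
     $Destination = $Destination ? Url($Destination, TRUE) : Url('', TRUE);

     // parse_url() returns NULL when the URL has no host component and FALSE
     // when the URL cannot be parsed. Neither may ever reach the allow-list
     // lookup: under loose comparison NULL/FALSE equal an empty-string entry.
     // NOTE(review): parse_url() is not a validating parser; confirm that Url()
     // normalises its output so the host seen here is the host a browser uses.
     $Domain = parse_url($Destination, PHP_URL_HOST);
     if (!is_string($Domain) || $Domain === '') {
         throw PermissionException();
     }

     // Strict comparison so the host must be an exact string match.
     // NOTE(review): the match is case-sensitive, as before; confirm that
     // TrustedDomains() and Url() agree on host case.
     if (!in_array($Domain, TrustedDomains(), TRUE)) {
         throw PermissionException();
     }

     Redirect($Destination, $StatusCode);
 }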
Exemple #2
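 /**
  * Redirect, but only to a trusted domain.
  *
  * The destination is resolved through Url(..., true), its host is extracted
  * with parse_url(), and Redirect() is called only when that host is one of
  * the entries returned by TrustedDomains(). Anything else is refused.
  *
  * @param string|false $Destination Where to redirect. A falsy value is resolved as Url('', true).
  * @param int|null $StatusCode The status of the redirect, passed to Redirect() unchanged
  *                             (documented upstream as defaulting to 302).
  * @throws \Throwable The value returned by PermissionException(), when the host is missing or not trusted.
  */
 function safeRedirect($Destination = false, $StatusCode = null)
 {
     $Destination = $Destination ? Url($Destination, true) : Url('', true);

     // parse_url() returns null when the URL has no host component and false
     // when the URL cannot be parsed. Reject both before the allow-list lookup:
     // with a loose in_array() they would match an empty-string entry.
     // NOTE(review): parse_url() is not a validating parser; confirm that Url()
     // normalises its output so the host seen here is the host a browser uses.
     $Domain = parse_url($Destination, PHP_URL_HOST);
     if (!is_string($Domain) || $Domain === '') {
         throw PermissionException();
     }

     // Strict comparison so the host must be an exact string match.
     // NOTE(review): the match is case-sensitive, as before; confirm that
     // TrustedDomains() and Url() agree on host case.
     if (!in_array($Domain, TrustedDomains(), true)) {
         throw PermissionException();
     }

     Redirect($Destination, $StatusCode);
 }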
 /**
  * Redirect to a destination, routing untrusted targets through the "leaving" page.
  *
  * The destination is resolved through Url(..., true) and tested with
  * urlMatch() against each entry of TrustedDomains(). On the first match the
  * redirect is issued directly. With no match, a notice is logged and the
  * user is redirected to /home/leaving with the destination URL-encoded in
  * the Target query parameter; the untrusted destination is not blocked here.
  *
  * @param string|false $Destination Where to redirect. A falsy value is resolved as Url('', true).
  * @param int|null $StatusCode The status of the redirect (documented upstream as defaulting to 302).
  *                             Only used for trusted destinations; the leaving-page redirect omits it.
  */
 function safeRedirect($Destination = false, $StatusCode = null)
 {
     $Destination = $Destination ? Url($Destination, true) : Url('', true);

     foreach (TrustedDomains() as $allowedPattern) {
         if (urlMatch($allowedPattern, $Destination)) {
             // First matching entry is enough; stop checking the rest.
             redirect($Destination, $StatusCode);
             return;
         }
     }

     // The destination may be attacker-influenced. It is handed to the logger
     // as a context value, not concatenated into the message template.
     // NOTE(review): confirm Logger escapes context values for the log sink.
     Logger::notice('Redirect to untrusted domain: {url}.', ['url' => $Destination]);

     // urlencode() keeps the untrusted URL confined to the Target parameter.
     $leavingPath = "/home/leaving?Target=" . urlencode($Destination);
     redirect(url($leavingPath));
 }