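/**
 * Build the URL the user is sent back to after an intermediate step (login, redirect page).
 *
 * The server part of $url (scheme, host, port) is kept only when $url is a complete absolute
 * URL. A relative $url stays relative, unless the request is on SSL and the instance is
 * configured to drop back to HTTP, in which case the default domain is prepended over plain HTTP.
 *
 * When the request carries a non-empty `return_to`, it is appended as a `return_to` query
 * parameter. Sending the user to an arbitrary host would be an open redirect (CWE-601), so the
 * value is kept only when URLVerification::isInternal() accepts it; otherwise `/` is used.
 * A `pv=2` marker found in the incoming `return_to` is propagated as its own parameter.
 *
 * NOTE(review): $url itself is not checked with isInternal(); callers must not feed a
 * user-controlled absolute URL into this method — confirm against the call sites.
 *
 * @param HTTPRequest $request current request (source of `return_to` and of the SSL state)
 * @param string      $url     URL to rebuild, absolute or path-relative
 *
 * @return string the rebuilt URL
 */
public function makeReturnToUrl(HTTPRequest $request, $url)
{
    $parts = parse_url((string) $url);
    // parse_url() returns false on a seriously malformed URL, and array_key_exists() on false
    // is a TypeError on PHP 8. Fall back to the site root instead of crashing the redirect.
    if ($parts === false) {
        $parts = array('path' => '/');
    }

    $server_url = '';
    if (! empty($parts['host']) && ! empty($parts['scheme'])) {
        // Absolute URL: keep scheme://host[:port]. A protocol-relative "//host/..." has no
        // scheme and is deliberately treated as relative, so it cannot become a cross-host
        // redirect (the original emitted "://host/..." with an undefined-index notice).
        $server_url = $parts['scheme'] . '://' . $parts['host'];
        if (! empty($parts['port'])) {
            $server_url .= ':' . $parts['port'];
        }
    } elseif ($request->isSSL() && $this->shouldRedirectToHTTP($request)) {
        // Instance-level choice to serve over HTTP even when reached over HTTPS; kept as-is.
        $server_url = 'http://' . $GLOBALS['sys_default_domain'];
    }

    $final_url = $server_url;
    if (! empty($parts['path'])) {
        $final_url .= $parts['path'];
    }

    $query = empty($parts['query']) ? '' : $parts['query'];

    if ($request->existAndNonEmpty('return_to')) {
        $return_to = $request->get('return_to');
        /*
         * We do not want redirect to an external website
         * @see https://cwe.mitre.org/data/definitions/601.html
         */
        $url_verifier = new URLVerification();
        if (! $url_verifier->isInternal($return_to)) {
            $return_to = '/';
        }
        // urlencode() so a return_to that carries its own "?a=1&b=2" survives as ONE parameter;
        // raw concatenation split it into extra top-level parameters when the target page read it back.
        $query .= ($query === '' ? '' : '&') . 'return_to=' . urlencode($return_to);
        // Propagate the "printer version" flag of the page the user came from (checked on the
        // raw request value, as before).
        if (strpos($request->get('return_to'), 'pv=2') !== false) {
            $query .= '&pv=2';
        }
    }

    if ($query !== '') {
        $final_url .= '?' . $query;
    }
    if (! empty($parts['fragment'])) {
        $final_url .= '#' . $parts['fragment'];
    }

    return $final_url;
}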
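// Printer-version pages get the lightweight header; anything else gets the full site header.
// Valid_Pv validates the parameter; the value is compared as an integer rather than with ==
// so a string such as "2abc" is not accepted on PHP < 8.
$vPv = new Valid_Pv();
if ($request->valid($vPv) && (int) $request->get('pv') === 2) {
    $pv = 2;
    $HTML->pv_header(array());
} else {
    $pv = 0;
    site_header(array('title' => $Language->getText('my_redirect', 'page_title')));
}

$vReturnTo = new Valid_String('return_to');
$vReturnTo->required();
if ($request->valid($vReturnTo)) {
    // Re-serialize feedback to display it on the 'return_to' page.
    $HTML->_serializeFeedback();

    // Never bounce the user to another host (open redirect, CWE-601): only a URL that
    // URLVerification accepts as internal is used; anything else goes to the site root.
    $url_verifier = new URLVerification();
    $return_url   = '/';
    if ($url_verifier->isInternal($request->get('return_to'))) {
        $return_url = $request->get('return_to');
    }

    $redirect = $Language->getText(
        'my_redirect',
        'return_to',
        array($hp->purify($return_url, CODENDI_PURIFIER_CONVERT_HTML))
    );

    // Emit the target as a JSON string literal. JSON_HEX_TAG turns "<" and ">" into \u003C and
    // \u003E, so a value containing "</script>" cannot close the inline script regardless of
    // what the JS_QUOTE purifier does with angle brackets; quotes, slashes and backslashes are
    // escaped as well. json_encode() returns false on invalid UTF-8: fall back to the root then.
    $js_return_url = json_encode(
        (string) $return_url,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    if ($js_return_url === false) {
        $js_return_url = '"/"';
    }
    print '
        <script type="text/javascript">
            function return_to_url() {
                window.location = ' . $js_return_url . ';
            }
            setTimeout("return_to_url()", 1000);
        </script>
    ';
} else {
    $redirect = $Language->getText('my_redirect', 'default_txt');
}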