phpBB

Code Changes

File: includes/functions.php

Line 2492Line 2492
		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{

		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{

			$url = generate_board_url();

			trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);

		}
}
else if ($url[0] == '/')

		}
}
else if ($url[0] == '/')

Line 2577Line 2577
				$url = generate_board_url() . '/' . $url;
}
}

				$url = generate_board_url() . '/' . $url;
}
}

 
	}

// Make sure we don't redirect to external URLs
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);

	}

// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2

	}

// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2

Line 2782Line 2788
	}
else
{

	}
else
{

		if (!empty($_SERVER['SERVER_PROTOCOL']))

		if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))

		{
$version = $_SERVER['SERVER_PROTOCOL'];
}

		{
$version = $_SERVER['SERVER_PROTOCOL'];
}

Line 3367Line 3373
		}

// Determine first occurrence, since in values the equal sign is allowed

		}

// Determine first occurrence, since in values the equal sign is allowed

		$key = strtolower(trim(substr($line, 0, $delim_pos)));

		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));

		$value = trim(substr($line, $delim_pos + 1));

if (in_array($value, array('off', 'false', '0')))

		$value = trim(substr($line, $delim_pos + 1));

if (in_array($value, array('off', 'false', '0')))

Line 3384Line 3390
		}
else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
{

		}
else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
{

			$value = substr($value, 1, sizeof($value)-2);





			$value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
}
else
{
$value = htmlspecialchars($value);

		}

$parsed_items[$key] = $value;

		}

$parsed_items[$key] = $value;
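Review bot: The new `SERVER_PROTOCOL` check in the hunk at line 2788 anchors its pattern with `$`, which in PCRE also matches just before a trailing newline, so a value consisting of `HTTP/1.1` followed by a line feed still passes and is copied into `$version`. Anchoring with `\z` (or adding the `D` modifier) makes the match exact: `preg_match('#^HTTP/[0-9]\.[0-9]\z#', $_SERVER['SERVER_PROTOCOL'])`. The enclosing function starts and ends outside the hunk, so how `$version` is used is not visible here. If it is written into a status line, the stricter anchor matters for the same response-splitting reason that the comment in the redirect hunk gives.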