mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-07 21:34:22 +00:00
Fix (vulnerability) HTTP_HOST
Fix vulnerability (HTTP_HOST)
This commit is contained in:
@@ -30,6 +30,22 @@ class funct
|
||||
}
|
||||
|
||||
private function safeRedirect(){
|
||||
|
||||
$url = $_SERVER['HTTP_REFERER'] ?? '';
|
||||
|
||||
if (!empty($url)) {
|
||||
$parts = parse_url($url);
|
||||
|
||||
// Acceptăm doar URL-uri locale
|
||||
if (
|
||||
empty($parts['host']) ||
|
||||
$parts['host'] === $_SERVER['HTTP_HOST']
|
||||
) {
|
||||
header('Location: ' . $url);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
header('Location: admin.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user