Fix (vulnerability) HTTP_HOST

Fix vulnerability (HTTP_HOST)
This commit is contained in:
novgorodschi catalin
2026-07-03 14:30:31 +03:00
parent 575a0f9e57
commit 8eeee03ca9
+16
View File
@@ -30,6 +30,22 @@ class funct
}
private function safeRedirect(){
$url = $_SERVER['HTTP_REFERER'] ?? '';
if (!empty($url)) {
$parts = parse_url($url);
// Acceptăm doar URL-uri locale
if (
empty($parts['host']) ||
$parts['host'] === $_SERVER['HTTP_HOST']
) {
header('Location: ' . $url);
exit;
}
}
header('Location: admin.php');
exit;
}