author | Stefan Giehl <stefan@matomo.org> | 2021-05-06 00:44:13 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-06 00:44:13 +0300 |
commit | 194179f90820187374898042bcbd7c0e29a153b6 (patch) | |
tree | f64297e577d0c835e120ee5f4e61639eac2120b4 /tests/resources/redirector.php | |
parent | 929d2ffe7d3392ece2348a50315576f349668b53 (diff) |
Ensure redirects in HTTP class are only done to allowed protocols (#17524)
Diffstat (limited to 'tests/resources/redirector.php')
-rw-r--r-- | tests/resources/redirector.php | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/tests/resources/redirector.php b/tests/resources/redirector.php
new file mode 100644
index 0000000000..160f24508d
--- /dev/null
+++ b/tests/resources/redirector.php
@@ -0,0 +1,26 @@
+<?php
+
+/**
+ * Script used to test redirects. If no redirect is left, the script will simply output the current url
+ */
+
+$redirect = $_GET['redirects'] ?? 0;
+$target = $_GET['target'] ?? '';
+
+$url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ?
+ "https" : "http") . "://" . $_SERVER['HTTP_HOST'] .
+ $_SERVER['REQUEST_URI'];
+
+if ($target) {
+ header('HTTP/1.1 302 Found');
+ header('Location: ' . $target);
+ exit;
+}
+
+if ($redirect > 0) {
+ header('HTTP/1.1 302 Found');
+ header('Location: ' . preg_replace('/(redirects=[0-9]+)/', 'redirects=' . ($redirect-1), $url));
+ exit;
+}
+
+echo $url;
\ No newline at end of file |
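Review bot: The `if ($target)` branch copies `$_GET['target']` into the `Location` header unchecked, and the final `echo $url` reflects `HTTP_HOST` and `REQUEST_URI` under the default content type, so this fixture acts as an open redirector and reflector wherever `tests/resources` is web-reachable. That is presumably deliberate for exercising the HTTP class's protocol allow-list, but the docblock should say so, e.g. `Test fixture only: redirects to any caller-supplied target and must not be reachable on production installs.` Two small hardenings should leave the test behaviour intact. Use `$redirect = (int) ($_GET['redirects'] ?? 0);` so a non-numeric or array value never reaches the `$redirect-1` arithmetic, and add `header('Content-Type: text/plain');` before the final `echo` so the reflected URL is not rendered as HTML.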