diff options
| author | Maurício Meneghini Fauth <mauriciofauth@gmail.com> | 2018-11-10 22:03:48 +0300 |
|---|---|---|
| committer | Maurício Meneghini Fauth <mauriciofauth@gmail.com> | 2018-11-11 01:48:59 +0300 |
| commit | 01e8064e3530a05d8d2975ad29fdd519a952e0ec (patch) | |
| tree | 2ff41df5477343946c252294da6aa7ff6840a003 /url.php | |
| parent | 79fd80cef5da7f67eed01825b4d4b957d03acffd (diff) | |
Retrieve parameters from $_GET in url.php
Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
Diffstat (limited to 'url.php')
| -rw-r--r-- | url.php | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -21,9 +21,9 @@ $response = Response::getInstance(); $response->getHeader()->sendHttpHeaders(); $response->disable(); -if (! Core::isValid($_REQUEST['url']) - || ! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url']) - || ! Core::isAllowedDomain($_REQUEST['url']) +if (! Core::isValid($_GET['url']) + || ! preg_match('/^https:\/\/[^\n\r]*$/', $_GET['url']) + || ! Core::isAllowedDomain($_GET['url']) ) { Core::sendHeaderLocation('./'); } else { @@ -33,11 +33,11 @@ if (! Core::isValid($_REQUEST['url']) // external site. echo "<script type='text/javascript'> window.onload=function(){ - window.location='" , Sanitize::escapeJsString($_REQUEST['url']) , "'; + window.location='" , Sanitize::escapeJsString($_GET['url']) , "'; } </script>"; // Display redirecting msg on screen. - // Do not display the value of $_REQUEST['url'] to avoid showing injected content + // Do not display the value of $_GET['url'] to avoid showing injected content echo __('Taking you to the target site.'); } die(); |