Skip to content

Commit

Permalink
verify redirect behind a proxy (#900)
Browse files Browse the repository at this point in the history
  • Loading branch information
michield authored Oct 24, 2022
1 parent 68dd126 commit f34d65e
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 10 deletions.
12 changes: 4 additions & 8 deletions public_html/lists/admin/js/phplistapp.js
Original file line number Diff line number Diff line change
Expand Up @@ -304,15 +304,11 @@ $(document).ready(function () {
}
});



$("a.savechanges").on("click",function () {
if (changed) {
document.sendmessageform.followupto.value = this.href;
document.location.hash = ""
document.sendmessageform.submit();
return false;
}
$('#followupto').val(this.href);
document.location.hash = ""
$('#sendmessageform').submit();
return false;
});

$("#criteriaSelect").on("change",function () {
Expand Down
2 changes: 1 addition & 1 deletion public_html/lists/admin/lib.php
Original file line number Diff line number Diff line change
Expand Up @@ -1150,7 +1150,7 @@ function fetchStyles($text) {
function isValidRedirect($url)
{
//# we might want to add some more checks here
return strpos($url, hostName());
return stripos($url, hostName()) || stripos($url,getConfig('website'));
}

/* check the url_append config and expand the url with it
Expand Down
2 changes: 1 addition & 1 deletion public_html/lists/admin/send_core.php
Original file line number Diff line number Diff line change
Expand Up @@ -607,7 +607,7 @@

// print $tabs->display();
}
echo '<input type="hidden" name="followupto" value="" />';
echo '<input id="followupto" type="hidden" name="followupto" value="" />';

if ($_GET['page'] == 'preparemessage') {
echo Help('preparemessage', $GLOBALS['I18N']->get('What is prepare a message'));
Expand Down

0 comments on commit f34d65e

Please sign in to comment.