From tracker 2276:

Restrict redirect.php to allow requests only from within eGroupware.
HTTP_REFERER is checked against the egroupware path.
A valid session is now required.
This commit is contained in:
Hans-Jürgen Tappe 2010-04-13 19:27:54 +00:00
parent 3262b5a96e
commit ff567e04e5


@ -32,17 +32,64 @@
} }
} }
if($_GET['go']) /* Only allow redirects with a valid session */
$GLOBALS['egw_info'] = array(
'flags' => array(
'noheader' => True,
'nonavbar' => True,
'currentapp' => 'home'
)
);
include('./header.inc.php');
/* Only allow redirects from inside this eGroupware installation. */
$valid_referer = array();
$path = preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']) . '/';
array_push($valid_referer, $path);
array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_ADDR'] . $path);
array_push($valid_referer, ($_SERVER['HTTPS'] ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . $path);
$referrer = trim($_SERVER['HTTP_REFERER']);
if ((!isset($_SERVER['HTTP_REFERER'])) || (empty($referrer)))
{
echo "Only usable from within eGroupware.\n";
}
else if($_GET['go'])
{
$allow = false;
foreach ($valid_referer as $urlRoot)
{
/* Check if the referrer begins with a valid URL. */
if (strncmp($urlRoot, $referrer, strlen($urlRoot)) == 0)
{
$allow = true;
break;
}
}
if ($allow)
{ {
$url= html_entity_decode(urldecode($_GET['go'])); $url= html_entity_decode(urldecode($_GET['go']));
unset($_GET['go']); unset($_GET['go']);
if (!empty($_GET)) $url=$url."&".http_build_query($_GET); /* Only add "&" if there is something to append. */
if (!empty($_GET))
{
$url=$url."&".http_build_query($_GET);
}
Header('Location: ' . html_entity_decode(urldecode($url))); Header('Location: ' . html_entity_decode(urldecode($url)));
exit; exit;
} }
else else
{ {
echo "this won't work!!"; echo "Redirect not allowed for referrer '".$_SERVER['HTTP_REFERER']."'.\n";
echo "<pre>";
print_r($valid_referer);
echo "<pre>\n";
}
}
else
{
echo "Error redirecting.";
} }
?> ?>
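Review bot: The denial branch on the new side (the `echo "Redirect not allowed for referrer '"...` line and the `print_r($valid_referer)` dump that follows it) writes the raw HTTP_REFERER header and the computed server paths straight into the HTML response; the header is client-supplied, so this is a reflected injection point, and the dump discloses SERVER_ADDR and the install path to whoever triggers the error. Escape the header and drop the dump: `echo "Redirect not allowed for referrer '".htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8')."'.\n";` (the closing tag printed after the dump is also `<pre>` where `</pre>` is meant, which disappears with the dump). The scheme test `$_SERVER['HTTPS'] ? 'https://' : 'http://'` used in both array_push lines treats the value `off` as true and raises a notice when the key is absent; `(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://'` is the usual form. Because Referer is optional and client-controlled, the check is a best-effort guard rather than a guarantee and the target in `go` itself is still not validated, so a comment such as `/* Referer-based check only; the redirect target is not validated here. */` above the `$valid_referer` allow-list would keep that limitation visible to maintainers. The enclosing `if`/`else` structure begins before line 32 of the file, outside this hunk.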