mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 01:13:25 +01:00
ff567e04e5
Restrict redirect.php to allow requests only from within eGroupware. HTTP_REFERER is checked against the egroupware path. A valid session is now required.
49 lines
1.7 KiB
PHP
49 lines
1.7 KiB
PHP
<?php
|
|
/**************************************************************************\
|
|
* eGroupWare - save redirect script *
|
|
* idea by: Jason Wies <jason@xc.net> *
|
|
* doing and adding to cvs: Lars Kneschke <lkneschke@linux-at-work.de> *
|
|
* http://www.egroupware.org *
|
|
* -------------------------------------------- *
|
|
* This program is free software; you can redistribute it and/or modify it *
|
|
* under the terms of the GNU General Public License as published by the *
|
|
* Free Software Foundation; either version 2 of the License, or (at your *
|
|
* option) any later version. *
|
|
\**************************************************************************/
|
|
|
|
/* $Id$ */
|
|
|
|
/*
|
|
Use this script when you want to link to a external url.
|
|
This way you don't send something like sessionid as referer
|
|
|
|
Use this in your app:
|
|
|
|
"<a href=\"$webserverURL/redirect.php?go=".htmlentities(urlencode('http://www.egroupware.org')).'">'
|
|
*/
|
|
|
|
if(!function_exists('html_entity_decode'))
|
|
{
|
|
function html_entity_decode($given_html, $quote_style = ENT_QUOTES)
|
|
{
|
|
$trans_table = array_flip(get_html_translation_table( HTML_SPECIALCHARS, $quote_style));
|
|
$trans_table['''] = "'";
|
|
return(strtr($given_html, $trans_table));
|
|
}
|
|
}
|
|
|
|
if($_GET['go'])
|
|
{
|
|
$url= html_entity_decode(urldecode($_GET['go']));
|
|
unset($_GET['go']);
|
|
if (!empty($_GET)) $url=$url."&".http_build_query($_GET);
|
|
|
|
Header('Location: ' . html_entity_decode(urldecode($url)));
|
|
exit;
|
|
}
|
|
else
|
|
{
|
|
echo "this won't work!!";
|
|
}
|
|
?>
|