
Validate our schema for a log(in|out)_url

Signed-off-by: Jeremy D <github@sleepycode.com>
Jeremy D 12 years ago
parent
commit
cd93d504fe
1 changed files with 14 additions and 1 deletions
  1. 14 1
      Sources/LogInOut.php

+ 14 - 1
Sources/LogInOut.php

@@ -115,6 +115,11 @@ function Login2()
 		// Some whitelisting for login_url...
 		if (empty($_SESSION['login_url']))
 			redirectexit();
+		elseif (!empty($_SESSION['login_url']) && (strpos('http://', $_SESSION['login_url']) === false && strpos('https://', $_SESSION['login_url']) === false))
+		{
+			unset ($_SESSION['login_url']);
+			redirectexit();
+		}
 		else
 		{
 			// Best not to clutter the session data too much...
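Review bot: The `strpos()` calls in the added `elseif` take their arguments in the wrong order (haystack first, needle second), so the condition searches for the session URL inside the literal `'http://'` and will reject practically every `login_url`, legitimate ones included. Even with the order fixed, `=== false` only asks whether the scheme appears somewhere in the string, so a value that merely contains `http://` later on would pass. A scheme check has to be anchored at offset 0, e.g. `strpos($_SESSION['login_url'], 'http://') !== 0 && strpos($_SESSION['login_url'], 'https://') !== 0`. The same condition is repeated for `logout_url` in the Logout() hunk and needs the same change. A scheme test does not constrain the host, so if these session values can be set from request data (not visible in this hunk, whose function starts and ends outside it), a comparison against the forum's own base URL would still be needed.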
@@ -602,11 +607,19 @@ function Logout($internal = false, $redirect = true)
 	// Empty the cookie! (set it in the past, and for id_member = 0)
 	setLoginCookie(-3600, 0);
 
+$redirect = true;
+$_SESSION['logout_url'] = 'ftp://localhost';
+
 	// Off to the merry board index we go!
 	if ($redirect)
 	{
 		if (empty($_SESSION['logout_url']))
 			redirectexit('', $context['server']['needs_login_fix']);
+		elseif (!empty($_SESSION['logout_url']) && (strpos('http://', $_SESSION['logout_url']) === false && strpos('https://', $_SESSION['logout_url']) === false))
+		{
+			unset ($_SESSION['logout_url']);
+			redirectexit();
+		}
 		else
 		{
 			$temp = $_SESSION['logout_url'];
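Review bot: The added lines `$redirect = true;` and `$_SESSION['logout_url'] = 'ftp://localhost';` look like leftover test scaffolding and should be removed before merge. They override the caller's `$redirect` argument and overwrite the stored logout URL on every call, so Logout() can no longer honour `$redirect = false` or a real `logout_url`. The new rejection branch also calls `redirectexit()` bare, while the empty-URL branch just above passes `$context['server']['needs_login_fix']`. Using `redirectexit('', $context['server']['needs_login_fix']);` there would keep both fallbacks consistent. Logout() continues beyond the end of this hunk.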
@@ -740,4 +753,4 @@ function validatePasswordFlood($id_member, $password_flood_value = false, $was_c
 
 }
 
-?>
+?>